Trusted root isn't where your cert should go; not sure if that's what IIS is unhappy about though. It should be in the Personal folder under Certificates (Local Computer)
Once it's there, restart IIS Manager and it should see it as an available cert. DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE From: [email protected] [mailto:[email protected]] On Behalf Of David Lum Sent: Friday, September 20, 2013 4:18 PM To: [email protected] Subject: [NTSysADM] RE: And now, my SSL ignorance.... Weird...on my dev box I can install the cert via Certificate MMC and drop it into the trusted root store successfully, but the same PFX file will not import into IIS "Details: The index value is invalid". Google-Fu fails me From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Damien Solodow Sent: Friday, September 20, 2013 12:38 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: And now, my SSL ignorance.... It's actually easier than you think. :) 1) Install cert (either via IIS or Certificates MMC) 2) Wait for outage; change bindings 3) Pat self on back DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David Lum Sent: Friday, September 20, 2013 3:34 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] And now, my SSL ignorance.... I have an IIS server that currently has a wildcard cert that expires in a few weeks. Due to licensing costs I am to replace this cert with a single web server cert, but am I correct in that I can install SSL certs at any time and the only time they take effect is when you change the SSL binding? * Install cert via IIS * Wait for appropriate service outage to flip certs then bind 443 to the new cert * Reset IIS Amirite? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229

