For production environments, obtain a domain certificate from a trusted certificate authority. Import the certificate to the trusted root certificate store of all machines on which you intend to install the Website Component and Manager Service (the IIS machines) during the IaaS installation.


You must disable TLS1.2 for certificates using SHA512 on Windows 2012 machines. For more information about disabling TLS1.2, consult the Microsoft Knowledge Base article at


  1. Obtain a certificate from a trusted certificate authority.
  2. Open the Internet Information Services (IIS) Manager.
  3. Double-click Server Certificates from Features View.
  4. Click Import in the Actions pane.
    1. Enter a file name in the Certificate file text box, or click the browse button (…), to navigate to the name of a file where the exported certificate is stored.
    2. Enter a password in the Password text box if the certificate was exported with a password.
    3. Select Mark this key as exportable.
  5. Click OK.
  6. Click on the imported certificate and select View.
  7. Verify that the certificate and its chain is trusted.

    If the certificate is untrusted, you see the message, This CA root certificate is not trusted.


    You must resolve the trust issue before proceeding with the installation. If you continue, your deployment fails.

  8. Restart IIS or open an elevated command prompt window and type iisreset.

What to do next

Download the IaaS Installer.