Obtaining a Server Certificate from a Third-party CA (IIS 6.0)
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
To obtain a server certificate from a third-party certification authority
In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
Right-click the Web site or file for which you want to request a certificate, and then click Properties.
On the Directory Security or File Security tab, under Secure communications, click Server Certificate.
In the Web Server Certificate Wizard, on the Delayed or Immediate Request page, click Prepare the request now, but send it later. By default, the certificate request file is saved as C:\Certreq.txt, but the wizard allows you to specify a different location.
Complete the rest of the steps in the Web Server Certificate Wizard and then click Finish.
Send the request to the certification authority. The CA will process the request and then send you the certificate.