How to Create a .well-known/pki-validation Folder on a Windows IIS Server?
Overview
This guide provides step-by-step instructions to manually create a .well-known/pki-validation directory on a Windows server hosting IIS. This setup is typically required to place a validation file (for example, sectigo.html) to support HTTP-based domain or organization validation.
Prerequisites
Before you begin, ensure you have the following:
- Administrative access to the Windows server hosting IIS
- Access to IIS Manager on the server
- Permission to use Command Prompt on the server
- The validation file content (for example, the random number provided by Sectigo)
Procedure
Step 1: Identify the Website Root Directory in IIS
Open IIS Manager, expand Sites, and select the relevant website (for example, Default Web Site).
From the Actions panel, click Explore to open the physical root directory of the site in File Explorer. This helps confirm the correct path where the folders must be created.
Step 2: Open Command Prompt
You cannot create folders starting with a dot (.), such as .well-known, using Windows File Explorer.
Open Command Prompt with appropriate privileges to create these directories.
Step 3: Navigate to the Website Root Path
Based on the IIS configuration identified earlier, navigate to the website's physical path.
In the example provided, the path is:
C:\inetpub\wwwroot\
Step 4: Create the .well-known Folder
Run the following command from the website root directory:
mkdir .well-known
This command creates the .well-known directory required for validation.
Step 5: Create the pki-validation Subfolder
Next, create the pki-validation subdirectory inside .well-known:
mkdir .\.well-known\pki-validation
Step 6: Create the Validation File
Navigate to:
C:\inetpub\wwwroot\.well-known\pki-validation
Create a file named sectigo.html and paste the random validation value provided for your certificate order into this file.
Save the file once complete.
Step 7: Configure Access to the Validation File
You can make the validation file accessible using one of the following methods:
- Option 1: Create a Virtual Directory in IIS Manager mapped to C:\inetpub\wwwroot\.well-known\pki-validation
- Option 2: No IIS changes required if static content is already enabled; proceed to direct URL access.
Verification
To confirm the process was successful, open a browser and navigate to:
Verify that the file loads successfully and displays the expected random validation content, without errors such as 404 or access denied.
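The folder creation, file creation and verification steps above can also be run as one PowerShell script that fetches the file over HTTP and compares it with the expected value. This is an added example, not Sectigo's own tooling: the parameter names are hypothetical, and the folder path, validation value and URL are all supplied by you.

```powershell
# Added example (not from the original article). All parameter names are
# hypothetical; every value is supplied by the operator.
param(
    [Parameter(Mandatory)][string]$ValidationDir,  # full path of the pki-validation folder (Steps 3-5)
    [Parameter(Mandatory)][string]$Token,          # validation value from the certificate order
    [Parameter(Mandatory)][string]$Url,            # URL the file must be reachable at (Verification)
    [string]$FileName = 'sectigo.html'             # file name used in Step 6
)
$ErrorActionPreference = 'Stop'

# Steps 4-5: New-Item accepts dot-prefixed names and creates missing parent
# folders; -Force makes the call safe to repeat.
New-Item -ItemType Directory -Path $ValidationDir -Force | Out-Null

# Step 6: write only the value, as UTF-8 without a BOM or trailing newline,
# so the file contains exactly the value and nothing else.
$expected = $Token.Trim()
$file = Join-Path $ValidationDir $FileName
[System.IO.File]::WriteAllText($file, $expected, [System.Text.UTF8Encoding]::new($false))

# Verification: request the file the way an external client would. Redirects
# are not followed, so a redirect to another host or page counts as a failure.
try {
    $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -MaximumRedirection 0
} catch {
    throw "Request to $Url failed (404, access denied or redirect): $($_.Exception.Message)"
}

# Content is a string for text/html and a byte array for unknown MIME types.
$body = if ($resp.Content -is [byte[]]) {
    [System.Text.Encoding]::UTF8.GetString($resp.Content)
} else {
    [string]$resp.Content
}

if ($body.Trim() -cne $expected) {
    throw "Served content does not match the expected validation value."
}
"OK: $Url returned HTTP $($resp.StatusCode) with the expected value."
```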
Related Articles:
- https://www.sectigo.com/knowledge-base/detail/troubleshoot-IIS-HTTPS-Binding-Error-a-specified-logon-session-does-not-exist
- https://www.sectigo.com/knowledge-base/detail/complete-domain-validation-using-http-http-s-method