Import a Server Authentication Certificate to the Default Web Site
Applies To: Windows Server 2008
After you obtain a server authentication certificate from a certification authority (CA), you must manually install that certificate on the default Web site for each federation server or federation server proxy in a server farm.
For Active Directory Federation Services (AD FS)–enabled Web servers, you must manually install the server authentication certificate on the appropriate Web site or virtual directory where your federated application resides.
If you are setting up a farm, be sure to perform this procedure identically (using the exact same settings) on each of the servers in your farm.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To import a server authentication certificate to the default Web site
Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the console tree, click ComputerName.
In the center pane, double-click Server Certificates.
In the Actions pane, click Import.
In the Import Certificate dialog box, click the … button.
Browse to the location of the pfx certificate file, highlight it, and then click Open.
Type a password for the certificate, and then click OK.