Import a Server Authentication Certificate to the Default Web Site

Applies To: Windows Server 2008

After you obtain a server authentication certificate from a certification authority (CA), you must manually install that certificate on the default Web site for each federation server or federation server proxy in a server farm.

For Active Directory Federation Services (AD FS)–enabled Web servers, you must manually install the server authentication certificate on the appropriate Web site or virtual directory where your federated application resides.

If you are setting up a farm, be sure to perform this procedure identically (using the exact same settings) on each of the servers in your farm.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To import a server authentication certificate to the default Web site

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, click ComputerName.

  3. In the center pane, double-click Server Certificates.

  4. In the Actions pane, click Import.

  5. In the Import Certificate dialog box, click the … button.

  6. Browse to the location of the pfx certificate file, highlight it, and then click Open.

  7. Type a password for the certificate, and then click OK.
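The following script is an added example, not part of the original procedure. It performs the same import into the local computer's Personal certificate store from PowerShell and then reports the properties you would compare across farm members. The file path is a placeholder, and the script assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example: import a .pfx into the local computer Personal store, then
# report what was installed. Run elevated on each server in the farm.
# $PfxPath is a placeholder; point it at your own certificate file.
param([string]$PfxPath = 'C:\certs\placeholder.pfx')

# Prompt for the PFX password so it never appears in the script or history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# MachineKeySet: store the private key in the machine key container (needed
#                for a service such as IIS to use it).
# PersistKeySet: keep the key after this process exits.
# Exportable is deliberately not set, so the key cannot be re-exported here.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $password, $flags)

# Add the certificate to LocalMachine\My (Local Computer > Personal).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()

# Collect the Enhanced Key Usage OIDs carried by the certificate.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ekus = @($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.Value })

# Summarize the checks. ServerAuthEku is False when the certificate has no
# EKU extension at all, so inspect such certificates by hand.
$now = Get-Date
$report = New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    HasPrivateKey = $cert.HasPrivateKey
    ServerAuthEku = ($ekus -contains $serverAuthOid)
    InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
}
$report | Format-List
```

Compare the Thumbprint value reported on each farm member to confirm that every server holds the same certificate, and treat HasPrivateKey reported as False as a failed import.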

Additional references

Checklist: Installing a Federation Server

Checklist: Installing a Federation Server Proxy

Checklist: Installing an AD FS-Enabled Web Server

Certificate Requirements for Federation Servers

Certificate Requirements for Federation Server Proxies

Certificate Requirements for AD FS-Enabled Web Servers