Create Certificate Request
* Open IIS Manager
* Select server name, e.g. ADFSSVR1
* Double click Server Certificates
* Select Create Certificate Request…
* Enter Common Name, etc.
* Select Cryptographic Service Provider properties
* Specify a file name to save request file, i.e. CSR file name
* Click Finish
Sign Certificate Request
This example uses AD Certificate Services to sign the CSR.
* Point browser to ADCS, e.g. https://exchangesvr1/certsrv/Default.asp
* Click Request a certificate
* Click advanced certificate request
* Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
* Cut and paste the CSR file content
* Select Certificate Template: Web Server
* Click Submit
* Click Download certificate and save signed certificate file, e.g. adfssvr1.exchange.local.cer
* Optionally, download the certificate chain file, which contains the CA root certificate in addition to the signed certificate.
Import Signed Certificate
* Back to IIS Manager > Server Certificates
* Click Complete Certificate Request…
* Browse to signed certificate file and enter a friendly name, e.g. adfssvr1.exchange.local
* Completed:
Assign Certificate to Web Site
* Back to IIS Manager
* Right-click Default Web Site and select Edit Bindings…
* Select https Type and click Edit…
* Select SSL certificate
Renew Certificate
* Always create a new certificate request
* Do not use the Renew certificate function of IIS, since there is a security bug with the renew function.
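
The request, sign, import and bind steps above can also be scripted with certreq and the WebAdministration module, which makes it easy to start every renewal from a fresh request and key pair. This is an added example, not part of the original page; the CA name placeholder, working folder, key length, hash algorithm and provider are assumptions.

```powershell
# Added example; run elevated on the IIS server. Placeholders and assumed values are marked.
$fqdn   = 'adfssvr1.exchange.local'         # host name used on the page
$caConf = 'exchangesvr1\<CA-NAME>'          # placeholder: CA name is not given on the page
$dir    = Join-Path $env:TEMP 'iis-cert'    # assumed working folder
New-Item -ItemType Directory -Path $dir -Force | Out-Null
function Assert-Ok($step) { if ($LASTEXITCODE -ne 0) { throw "$step failed ($LASTEXITCODE)" } }

# 1. Create Certificate Request: new key pair each time (also for renewals).
#    Key length, hash and provider are assumed values, not taken from the page.
@"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$fqdn"
FriendlyName = "$fqdn"
KeyLength = 2048
HashAlgorithm = sha256
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn"
"@ | Set-Content -Path "$dir\request.inf" -Encoding ASCII
certreq -new "$dir\request.inf" "$dir\$fqdn.csr"; Assert-Ok 'certreq -new'
certutil -dump "$dir\$fqdn.csr"             # review subject, key size and SAN before submitting

# 2. Sign Certificate Request with the Web Server template (internal name WebServer).
certreq -submit -config $caConf -attrib 'CertificateTemplate:WebServer' `
    "$dir\$fqdn.csr" "$dir\$fqdn.cer"; Assert-Ok 'certreq -submit'

# 3. Import Signed Certificate: pairs the .cer with the pending private key.
certreq -accept "$dir\$fqdn.cer"; Assert-Ok 'certreq -accept'

# 4. Assign to the site. Assumes Default Web Site already has an https binding
#    with no certificate attached yet.
Import-Module WebAdministration
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for $fqdn" }
(Get-WebBinding -Name 'Default Web Site' -Protocol https).AddSslCertificate($cert.Thumbprint, 'My')
```

Because the private key is created with `Exportable = FALSE` in the machine store, it never leaves the server; only the CSR and the signed certificate are written to the working folder.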