Share via

Import a Server Authentication Certificate to the Default Web Site

Applies To: Active Directory Federation Services (AD FS) 2.0

After you obtain a server authentication certificate from a certification authority (CA), you must manually install that certificate on the Default Web Site for each federation server or federation server proxy in a server farm.

For Web servers, you must manually install the server authentication certificate on the appropriate Web site or virtual directory where your federated application resides.

If you are setting up a farm, be sure to perform this procedure identically—using the exact same settings—on each of the servers in your farm.


The AD FS 2.0 Management snap-in refers to server authentication certificates for federation servers as service communication certificates.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To import a server authentication certificate to the Default Web Site

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the console tree, click ComputerName.

  3. In the center pane, double-click Server Certificates.

  4. In the Actions pane, click Import.

  5. In the Import Certificate dialog box, click the button.

  6. Browse to the location of the pfx certificate file, highlight it, and then click Open.

  7. Type a password for the certificate, and then click OK.

Additional references

Checklist: Setting Up a Federation Server

Checklist: Setting Up a Federation Server Proxy

Certificate Requirements for Federation Servers

Certificate Requirements for Federation Server Proxies