Quick answer: Add HTTPS in IIS by importing the certificate (.pfx) under Server Certificates, then in the site's Bindings add an https binding on port 443 and select the certificate. Enable SNI if hosting multiple HTTPS sites on one IP, open 443 in the firewall, and add a URL Rewrite rule to force HTTPS.
Adding HTTPS to a site in IIS is a two-part job: install the certificate on the server, then bind it to the site on port 443. Here is the full process, including forcing HTTPS afterward.
You need the certificate as a .pfx file (certificate plus private key). If you purchased a certificate, complete the request and export a .pfx. In IIS Manager, select the server node, open Server Certificates, and choose Import to load the .pfx, entering its password.
For a free certificate, an ACME client for Windows can obtain and auto-renew a Let's Encrypt certificate and register it in IIS for you.
In IIS Manager, select the site, click Bindings in the right pane, then Add:
Type: https Port: 443 Host name: yourdomain.com SSL certificate: select the imported certificate
Tick Require Server Name Indication (SNI) if the server hosts several HTTPS sites on one IP, so each domain presents its own certificate.
Confirm port 443 is allowed in Windows Firewall, or external visitors cannot reach the secure site.
A certificate does not redirect HTTP traffic on its own. Install the URL Rewrite module and add a rule that redirects all HTTP requests to HTTPS, or configure the redirect at the site level. This ensures every visitor lands on the secure version.
Load https://yourdomain.com and confirm the padlock. Note the certificate expiry - purchased certificates must be renewed and re-bound before they lapse, while an ACME client handles renewal automatically.
What is SNI and when do I need it?
Server Name Indication lets multiple HTTPS sites share one IP, each presenting its own certificate.
Does the certificate redirect HTTP automatically?
No - add a URL Rewrite rule or site-level redirect to force HTTPS.
On a SoftSys managed Windows VPS our team installs and binds your SSL certificate, sets the HTTPS redirect, and tracks renewal for you, so your IIS sites stay secure without manual upkeep.