Before the Web Server can be configured for AD FS, you must either create or import an HTTPS certificate for the Web Server. In an internal test environment, a self-signed certificate can be generated in the Windows Internet Information Services (IIS) Manager. In any other environment, the more secure option of an imported HTTPS certificate generated by a certificate authority is preferred.
Create an HTTPS binding for your Web Server and the HTTPS certificate.
Note:
This process can be repeated for your Application Server, but it is not required.