When you add the AD RMS server role in Microsoft Windows Server 2008 or Windows Server 2008 R2, you can configure AD RMS to use an existing SSL certificate or a self-signed certificate (which isn't recommended for production deployments), or you can defer specifying an SSL certificate so you can import the certificate later. If you choose to import the certificate later and then try to administer AD RMS, though, the console won't open. Instead, it displays suggestions for what might be wrong and how to correct the problem:

 Unfortunately, none of the suggested problems and corrections tell you how to deal with the problem.

Before you can use the AD RMS console, the Web site used by AD RMS must be configured with a valid SSL certificate. For this reason, if you do not specify an SSL certificate when you add the AD RMS role, you have to use IIS Manager to import an SSL certificate for the Web site. You can do this by following the instructions in "Import an SSL Certificate Using Internet Information Services (IIS) Manager" (http://technet.microsoft.com/en-us/library/cc731576.aspx).