> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy the Microsoft IIS service

> Deploy the Microsoft IIS service in CryptoHub, whose role owns the key store and issues the TLS certificate for the IIS server.

Deploy the **Microsoft IIS** service in CryptoHub first. This service's **role** owns the key store where the TLS key pair is generated and holds the certificate you issue through PKI Management; you grant that role **Use** on the key and certificate later. The client endpoint you add to this service (next section) installs the FXCL CNG provider on the IIS server and authenticates it back to this service.

<Note>
  Deploy the **Microsoft IIS** service template, which drives the `libfxcl-cng.dll` install and
  grants the role the certificate and key permissions this integration needs. Note the **role**
  name assigned to the service during deployment; you reference it when you create the container,
  key store, and certificate in [Create and export the key and certificate on the CryptoHub](/Integrations/CryptoHub/TLS_offloading/Microsoft_IIS/Create_the_key_and_certificate).
</Note>

Complete the following steps to deploy the service in CryptoHub:

<Steps>
  <Step>
    Log in to the CryptoHub under dual control using your administrator identities.
  </Step>

  <Step>
    Select the **Microsoft IIS** service and select **\[ Deploy ]**.
  </Step>

  <Step>
    Configure the following **Service Setup** settings:

    * **Service Name**: The name of the application. Leave as default.
    * **Service Category**: The category the service falls under. Leave as default.

    Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the following **Access Control** settings:

    * **Authorized Resources**: The role you are logged in with has access to the service by
      default.
    * **Add Additional Resources**: Optional.

    Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the following **Service Info** setting:

    * **Authentication Mechanism**: Leave it set to the default authentication mechanism.

    Select **\[ Deploy ]**.

    <Check>
      The **Microsoft IIS** service is deployed and visible in CryptoHub, with a **role** assigned
      to it. Note the role name; you grant it **Use** on the key and certificate.
    </Check>
  </Step>
</Steps>

Continue to [Install and configure FXCL CNG](/Integrations/CryptoHub/TLS_offloading/Microsoft_IIS/Install_and_configure_FXCL_CNG) to add a client endpoint to this service and install the provider on the IIS server.
