When you install IIS Express, it also installs a self-signed certificate that it will use for SSL. This is not normally a problem. However, if you already have a self-signed certificate, you can end up with a confusing situation where two certificates have the same distinguished name.
And why would that be a problem? Say you are working with WCF services that need to identify themselves with certificates. You have your dev machine set up so that WCF finds the self-signed certificate by its distinguished name.
Now when you go visit your service, the channel is always faulted. Why? If you turn up the WCF end-to-end logging, you'll see the following exception:
System.ServiceModel.ServiceActivationException: The service '/YourServiceHere.svc' cannot be activated due to an exception during compilation. The exception message is: Found multiple X.509 certificates using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectDistinguishedName', FindValue 'CN=localhost'. Provide a more specific find value.
Basically - Ambiguous match. Be more precise.
There is an article explaining how to use a custom SSL certificate with IIS Express that involves removing the SSL endpoint and re-creating it with the appropriate cert. Your other option, and the one I'm going with, is to identify the certificate for WCF by certificate thumbprint rather than distinguished name.
Far less human readable, to be sure, but more precise and totally unambiguous. Of course, if you're on a development team, it means everyone needs to have the same dev certificates installed. Tradeoffs, tradeoffs.
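To see which certificates collide and get their thumbprints, you can query the certificate store directly. The script below is an added example, not part of the original post: it lists every certificate in LocalMachine\My with the subject from the exception above and prints a thumbprint-based `serviceCertificate` element for each one. The variable names are illustrative, and the subject is taken from the exception message.

```powershell
# Added example: find certificates in LocalMachine\My that share one subject
# and emit a thumbprint-based WCF <serviceCertificate> element for each.
$subject = 'CN=localhost'   # FindValue from the exception message

# @() forces an array so .Count works for zero or one result as well.
$candidates = @(
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $subject }
)

if ($candidates.Count -eq 0) {
    Write-Warning "No certificate with subject '$subject' in LocalMachine\My."
}
else {
    if ($candidates.Count -gt 1) {
        # This is the condition behind "Found multiple X.509 certificates".
        Write-Warning ("{0} certificates share subject '{1}'; a lookup by " +
            "FindBySubjectDistinguishedName is ambiguous." -f
            $candidates.Count, $subject)
    }

    # Enough detail to tell the certificates apart. HasPrivateKey matters
    # because a service certificate is unusable without its private key.
    $candidates |
        Sort-Object NotBefore |
        Format-List Thumbprint, FriendlyName, Issuer, NotBefore, NotAfter, HasPrivateKey

    # The Cert: provider returns the thumbprint as plain hex (no spaces, no
    # hidden characters), so it can be pasted into the config unchanged.
    foreach ($cert in $candidates) {
        ('<serviceCertificate storeLocation="LocalMachine" storeName="My" ' +
         'x509FindType="FindByThumbprint" findValue="{0}" />') -f $cert.Thumbprint
    }
}
```

Pick the line for the certificate you actually want WCF to use and put it inside the `serviceCredentials` element of your service behavior.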
This one took me a while to figure out and caused "Hulk Smash!" style rage during the search. Hopefully I can save you the same.