Regarding the SSL certificate, there is not a unique certificate for IIS or Tomcat. They are all the same. Does https work for you when you use a self-signed certificate instead of importing one?
I have found that there IS a difference. I was using GoDaddy as my CA, and when you download the certificate, it asks your where you intend to use it. I was choosing IIS7. ArcGIS for Server would not import the intermediate certificate, and security could not be enabled. On the advice of Esri tech suppport, I chose "other" and proceded without trouble.