1) Decide on a specific unused port to use for your SSL endpoint, i.e. 4567.
2) Bind your certificate to the port using netsh:
netsh http add sslcert ipport=0.0.0.0:4567 certstorename=MY certhash=<Cert Hash(sha1)> appid={<ANYGUID>}
http://stackoverflow.com/questions/537173/what-appid-should-i-use-with-netsh-exe
3) In the VAC, on the Advanced tab of the server properties, edit the "Search HTTP Service Port" setting to match your port above (e.g. 4567), and set the "Search HTTP Service Requires SSL" setting to On.
4) Set EVIndexing Web site to use SSL.
Restart the indexing service for the settings to take effect.
I had issues with point 2) needed a MS hotfix (I think, as i needed a reboot)
http://support.microsoft.com/kb/981506
I did all this but still search failed Dtraced w3wp:
4,523 10:28:24.937 [1,880] (w3wp) <5696> EV:H WinHttpRequest::OnCallback. WINHTTP_CALLBACK_STATUS_REQUEST_ERROR - Result=5, Error=12175
12175 = ERROR_WINHTTP_SECURE_FAILURE (cert issues)
you can check this manually by pasting in the WCF endpoint of the search service in IE:
To find the endpoint check in EVIndexQueryServer Dtrace:
(EVIndexQueryServer) <3064> EV-M {IndexServerSearchService} Search request on endpoint https://evfinkserver.aio.local:4567/enterprisevault/search/indexserversearchservice/authtoken/search
This gave me a cert error as my cert was bound on localhost and NOT evfinkserver.aio.local
