ADFS Token Signing Certificate

Hello,
I am currently setting up an ADFS farm and I would like to utilize our internal CA for the Token Signing certificate however I do not know which template to use. I have not found anything specific except to use 2048 encryption if possible. Does anyone have a suggestion of the best certificate to use for this? Thanks.
Damon Rodriguez (Director of Business Technology) asked:
Jamie McKillop (IT Manager) commented:
Hello,

The token-signing certificate and token-decrypting certificates are generated by the ADFS server itself, not by a certificate authority. The certificate you need from a CA is the service communications certificate, which is a normal SSL cert. If you are going to use an internal CA for this cert, you need to ensure that all systems that will be using ADFS have your CA's root cert in their certificate store.

JJ
Damon Rodriguez (Director of Business Technology, author) commented:
We used a wildcard cert for the service communications certificate already. For some reason I thought best practices dictated that we use an internal CA cert for Token Signing. If you look at the diagram at the bottom it is recommended to use an internal CA.

http://technet.microsoft.com/en-us/library/dd807040.aspx
Jamie McKillop (IT Manager) commented:
You are correct. The best security would be to use a certificate from your internal CA. You should be able to use the web server template.

JJ
Damon Rodriguez (Director of Business Technology, author) commented:
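As an added illustration that is not part of this thread, the PowerShell below checks that a CA-issued certificate already installed on the federation server meets the points raised above (private key present, 2048-bit key, Digital Signature key usage, chain to the internal CA root) and then registers it as the ADFS token-signing certificate. The thumbprint is a placeholder, and the ADFS cmdlets are assumed to be available on the server.

```powershell
# Added example, not from the thread. Assumes the ADFS PowerShell cmdlets are
# available (ADFS 2012 R2+ module; ADFS 2.0 needs Add-PSSnapin Microsoft.Adfs.PowerShell)
# and that the CA-issued cert, with its private key, is in Local Machine\Personal.
$Thumbprint = 'PLACEHOLDER_THUMBPRINT_OF_CA_ISSUED_CERT'   # placeholder value

function Test-TokenSigningCandidate {
    param([string]$Thumbprint)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

    # ADFS signs tokens with this key, so the private key must be present.
    if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate' }

    # The thread's one hard requirement: a 2048-bit key where possible.
    $keySize = $cert.PublicKey.Key.KeySize
    if ($keySize -lt 2048) { throw "Key size is $keySize bits; 2048 or more expected" }

    # A Web Server template cert carries Digital Signature in Key Usage; verify it.
    $ku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $sig = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    if ($ku -and -not ($ku.KeyUsages -band $sig)) {
        throw 'Key Usage does not permit Digital Signature'
    }

    # The chain must build to a root this server trusts (the internal CA root).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        $why = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        throw "Chain does not build: $why"
    }
    return $cert
}

$cert = Test-TokenSigningCandidate -Thumbprint $Thumbprint

# ADFS generates and rolls its own token-signing cert by default; turn that off,
# otherwise the CA-issued cert is later replaced by a self-signed one.
Set-AdfsProperties -AutoCertificateRollover $false

# Add the CA-issued cert as a secondary signing cert, then promote it to primary.
Add-AdfsCertificate -CertificateType Token-Signing -Thumbprint $cert.Thumbprint
Set-AdfsCertificate -CertificateType Token-Signing -Thumbprint $cert.Thumbprint -IsPrimary
Restart-Service adfssrv

Get-AdfsCertificate -CertificateType Token-Signing | Format-Table Thumbprint, IsPrimary
```

The ADFS service account needs read access to the new certificate's private key, and every relying party that trusts this farm must refresh its federation metadata once the primary signing certificate changes.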
Thank you that's what we will use.