• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3631
  • Last Modified:

ADFS setup with multiple domains. Certificate and A records requirements for multiple domains.

I just wanted to verify if you need to use several UPNs and federate several domains with one ADFS server for Office 365, do you need an additional names for each on the cert as well as A record in external DNS to point to ADFS proxy?

I am reading that you only need one A record to point to the FQDN of your ADFS farm and just one name on the cert? Correct?

Also, on the cert, does the FQDN of the server farm needs to be common name or it can just be alternative name? So, if this can be an alternative name, then we can use the UCC cert, for example, from the Hybrid server, and just add adfs.domain.com as an alternative name? What is the best practice? Is it best to buy a separate certificate for ADFS server with common name as adfs.domain.com?

Please, advice.
Thank you very much.
1 Solution
Vasil Michev (MVP)Commented:
The subject name should point to the FQDN, if you only have the FQDN added to the SAN it might not work: http://technet.microsoft.com/en-us/library/hh341473.aspx

You do not need certificates for other domains, only for the AD FS endpoint. The recommended setup is to create the DNS record sts.domain.com, select the  endpoint sts.domain.com during AD FS setup and select the corresponding SSL certificate with sts.domain.com subject name. The names of course can be different, just make sure all these three pieces match.

You do not need separate certificates for subdomains as well.

Here is also another thread on the community forums that discusses this, and it might help with the other issue you are facing:

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You'll find all of your answers here:

(and perhaps answers to a few things you haven't asked yet)  :-)
claudiamcseAuthor Commented:
Thank you very much! Excellent.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now