Solved

ADFS setup with multiple domains. Certificate and A records requirements for multiple domains.

Posted on 2014-03-03
3
3,044 Views
Last Modified: 2014-03-03
Hello,
I just wanted to verify if you need to use several UPNs and federate several domains with one ADFS server for Office 365, do you need an additional names for each on the cert as well as A record in external DNS to point to ADFS proxy?

I am reading that you only need one A record to point to the FQDN of your ADFS farm and just one name on the cert? Correct?

Also, on the cert, does the FQDN of the server farm needs to be common name or it can just be alternative name? So, if this can be an alternative name, then we can use the UCC cert, for example, from the Hybrid server, and just add adfs.domain.com as an alternative name? What is the best practice? Is it best to buy a separate certificate for ADFS server with common name as adfs.domain.com?

Please, advice.
Thank you very much.
0
Comment
Question by:claudiamcse
3 Comments
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39901590
The subject name should point to the FQDN, if you only have the FQDN added to the SAN it might not work: http://technet.microsoft.com/en-us/library/hh341473.aspx

You do not need certificates for other domains, only for the AD FS endpoint. The recommended setup is to create the DNS record sts.domain.com, select the  endpoint sts.domain.com during AD FS setup and select the corresponding SSL certificate with sts.domain.com subject name. The names of course can be different, just make sure all these three pieces match.

You do not need separate certificates for subdomains as well.

Here is also another thread on the community forums that discusses this, and it might help with the other issue you are facing:

http://community.office365.com/en-us/forums/613/p/43477/149671.aspx
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39901595
You'll find all of your answers here:
http://community.office365.com/en-us/forums/613/t/195339.aspx

(and perhaps answers to a few things you haven't asked yet)  :-)
0
 

Author Closing Comment

by:claudiamcse
ID: 39901708
Thank you very much! Excellent.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Microsoft Office Picture Manager has a Picture Shortcuts pane that shows a list with the Recently Browsed folders. While creating my video Micro Tutorial here at Experts Exchange showing How to Install Microsoft Office Picture Manager in Office 2013…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now