Creating a self signed certificate to configure ADFS

Posted on 2014-10-14
Last Modified: 2014-10-17
Hello Everyone,
I am trying to set up ADFS. During setup it asks for a certificate, so I think I need to create a self-signed certificate.

Not too big on certs, tried playing around but couldn't figure it out.

Certificate will sit on server named "SCSM-ADFS" purposed for an ADFS designed portal that will be on an extranet to be accessed by clients.

Created another server on the domain with Certificate Authority services and IIS to aid with cert creation - not sure if this was useful or not.

Certificate needs to be able to export as a PFX due to ADFS setup requirement.

Thanks in advance
Question by:Sir Learnalot

LVL 29

Expert Comment

by:becraig
ID: 40380243
Certificate will sit on server named "SCSM-ADFS" purposed for an ADFS designed portal that will be on an extranet to be accessed by clients.

I would suggest in this instance you acquire a third party certificate.
Simply get one from GoDaddy or RapidSSL, etc.

You can then export to pfx for future use as needed.


To create a Self-signed cert:


Open IIS Manager and navigate to the level you want to manage.
In Features view, double-click Server Certificates.
In the Actions pane, click Create Self-Signed Certificate.
On the Create Self-Signed Certificate page, type a friendly name for the certificate in the Specify a friendly name for the certificate box, and then click OK.
LVL 6

Author Comment

by:Sir Learnalot
ID: 40380627
At the moment I am performing a test dev deployment, so a publicly signed cert wouldn't be necessary until I deploy in production...

Creating a self-signed certificate through IIS is not sufficient for 2 reasons:

1) IIS is installed on a different machine; although it is on the same domain, this means generating a self-signed cert on the IIS machine will produce a different certificate than the one needed on the ADFS server.

2) The certificate is too basic and lacks a Subject Name, alternative DNS values, etc.
LVL 29

Expert Comment

by:becraig
ID: 40380654
Knowing the requirement as far as SAN etc would have been helpful initially.

Here is a step-by-step guide on creating a self-signed SAN certificate using OpenSSL:
http://apetec.com/support/GenerateSAN-CSR.htm
LVL 6

Author Comment

by:Sir Learnalot
ID: 40380668
Sorry for not listing that initially; I am new to certs, like I said, and have not yet wrapped my head around them. Do you have any methods for creating one through a Windows Server? This way I can avoid working with OpenSSL and having to learn something else new entirely... Thanks in advance.
LVL 29

Accepted Solution

by:becraig (earned 500 total points)
ID: 40380696
Here is an untested PowerShell script which might do this for you:
http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=99

Due to the SAN requirement we cannot use makecert; hopefully the script at the location above is easy to get working.
New-SelfSignedCertificateEx.txt
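A way to do this with the cmdlet built into Windows Server 2012 R2 and later instead of the linked script, as an added example that is not part of this thread or of the linked post; the host names, output path and store location are assumptions:

```powershell
# Added example: self-signed certificate with a Subject Alternative Name list,
# exported as a password-protected PFX for the ADFS configuration wizard.
# Requires the PKI module (Windows Server 2012 R2 / PowerShell 4 or later),
# run from an elevated prompt so the cert can go into the machine store.

# Every name ADFS will be reached by must be in the SAN; the first entry
# also becomes the subject CN. Both names are assumed for this example.
$dnsNames = @(
    'adfs.example.com',        # assumed federation service name
    'scsm-adfs.example.com'    # assumed FQDN of the server "SCSM-ADFS"
)

# Create the certificate directly in the local machine Personal store,
# which is where the ADFS wizard looks for it.
$cert = New-SelfSignedCertificate -DnsName $dnsNames `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# Check the SAN extension (OID 2.5.29.17, locale-independent) actually
# carries every name before handing the certificate to ADFS.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) { throw 'Certificate has no Subject Alternative Name extension' }
$sanText = $san.Format($true)
foreach ($name in $dnsNames) {
    if ($sanText -notmatch [regex]::Escape($name)) {
        throw "SAN is missing $name"
    }
}

# ADFS needs the private key, so confirm it is present before exporting.
if (-not $cert.HasPrivateKey) { throw 'Private key is missing' }

# Export to PFX with a password; the wizard prompts for the same password.
$outDir = 'C:\certs'                       # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert `
    -FilePath (Join-Path $outDir 'adfs-selfsigned.pfx') `
    -Password $pfxPassword

"Thumbprint: $($cert.Thumbprint)"
```

Because the certificate is self-signed, clients on the extranet will not trust it unless the certificate is installed in their Trusted Root store; it is only suitable for the test/dev deployment described above, with a CA-issued certificate for production.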
LVL 6

Author Closing Comment

by:Sir Learnalot
ID: 40387363
Thank you for your feedback; I assigned you points for your effort. However, I ended up solving this differently. I used www.getacert.com and it did all the work for me :)