Solved

Creating a self-signed certificate to configure ADFS

Posted on 2014-10-14
2,001 Views
Last Modified: 2014-10-17
Hello Everyone,
I am trying to set up ADFS. In the setup it asks for a certificate, so I think I need to create a self-signed certificate.

Not too big on certs, tried playing around but couldn't figure it out.

Certificate will sit on server named "SCSM-ADFS" purposed for an ADFS designed portal that will be on an extranet to be accessed by clients.

Created another server on domain with certificate authority services and IIS to aid with cert creation - not sure if this was useful or not.

Certificate needs to be able to export as a PFX due to ADFS setup requirement.

Thanks in advance
Question by:Sir Learnalot
6 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40380243
Certificate will sit on server named "SCSM-ADFS" purposed for an ADFS designed portal that will be on an extranet to be accessed by clients.

I would suggest in this instance you acquire a third party certificate.
Simply get one from GoDaddy or RapidSSL, etc.

You can then export to pfx for future use as needed.


To create a self-signed cert:

1) Open IIS Manager and navigate to the level you want to manage.
2) In Features view, double-click Server Certificates.
3) In the Actions pane, click Create Self-Signed Certificate.
4) On the Create Self-Signed Certificate page, type a friendly name for the certificate in the Specify a friendly name for the certificate box, and then click OK.
 
LVL 6

Author Comment

by:Sir Learnalot
ID: 40380627
At the moment I am performing a test dev deployment, so a publicly signed cert wouldn't be necessary until I deploy in production...

Creating a self-signed certificate through IIS is not sufficient for 2 reasons:

1) IIS is installed on a different machine; although it is on the same domain, this means generating a self-signed cert on the IIS machine will produce a different certificate than the one needed on the ADFS server.

2) The certificate is too basic and lacks a Subject Name, alternative DNS values, etc.
 
LVL 29

Expert Comment

by:becraig
ID: 40380654
Knowing the requirement as far as SAN etc would have been helpful initially.

Here is a step-by-step on creating a self-signed SAN certificate using OpenSSL:
http://apetec.com/support/GenerateSAN-CSR.htm
 
LVL 6

Author Comment

by:Sir Learnalot
ID: 40380668
Sorry for not listing that initially; I am new to certs like I said and have not yet wrapped my head around them. Do you have any methods for creating one through a Windows server? This way I can avoid working with OpenSSL and having to learn something else new entirely... Thanks in advance.
 
LVL 29

Accepted Solution

by:becraig (earned 500 total points)
ID: 40380696
Here is an untested PowerShell script which might do this for you:
http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?List=332991f0-bfed-4143-9eea-f521167d287c&ID=99


Due to the SAN requirement we cannot use makecert; hopefully the script at the location above might be easy to get working.
New-SelfSignedCertificateEx.txt
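For a Windows-only route to a self-signed SAN certificate that the ADFS wizard can import, here is an added example (not from this thread, and not the linked New-SelfSignedCertificateEx script) using the built-in New-SelfSignedCertificate cmdlet from the PKI module that ships with Windows Server 2012 and later. The federation service name adfs.corp.example, the corp.example DNS suffix, and the C:\Temp output paths are assumed placeholders; SCSM-ADFS is the server name from the question. Run it in an elevated PowerShell on the ADFS server itself, so the private key is generated on the machine that will use it.

```powershell
# Added example: self-signed SSL certificate with Subject Alternative Names,
# exported as a PFX for the ADFS configuration wizard (test/dev only).
# Assumed placeholders: adfs.corp.example, corp.example suffix, C:\Temp paths.
$fsName  = "adfs.corp.example"                          # federation service FQDN clients will browse to (assumed)
$sanList = @($fsName, "SCSM-ADFS", "SCSM-ADFS.corp.example")  # all names that must appear in the SAN extension
$pfxPath = "C:\Temp\adfs-ssl.pfx"                       # assumed output path for the PFX (key + cert)
$cerPath = "C:\Temp\adfs-ssl.cer"                       # assumed output path for the public cert only
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"

# -DnsName accepts several names: the first becomes the Subject CN, and every
# entry is written into the Subject Alternative Name extension (this is what
# makecert cannot do). The key lands in the local machine's Personal store.
$cert = New-SelfSignedCertificate -DnsName $sanList -CertStoreLocation "Cert:\LocalMachine\My"
$cert.FriendlyName = "ADFS SSL (self-signed, test/dev only)"

# Check the SAN extension really contains the names before exporting anything.
$san = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Subject Alternative Name" }
if (-not $san) { throw "Certificate has no Subject Alternative Name extension" }
Write-Host "Thumbprint: $($cert.Thumbprint)"
Write-Host $san.Format($true)

# Export with the private key; the ADFS wizard asks for a PFX it can import.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Export the public part (no key) and add it to Trusted Root on this machine so
# local tools stop warning. Client machines need the same .cer imported, or they
# will still see a trust error; that is the limitation of a self-signed cert.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation "Cert:\LocalMachine\Root" | Out-Null

Write-Host "PFX written to $pfxPath; public cert written to $cerPath"
```

The SAN list is the part that matters for ADFS: browsers and the ADFS client components check the federation service name against the certificate's SAN entries, not just the CN, so the name in $fsName has to be the exact hostname the portal will be reached by. Keep the PFX password out of scripts and logs; Read-Host -AsSecureString keeps it as a SecureString, which is what Export-PfxCertificate expects.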
 
LVL 6

Author Closing Comment

by:Sir Learnalot
ID: 40387363
Thank you for your feedback, I assigned you points for your effort. However I ended up solving this differently. I used www.getacert.com and it did all the work for me :)