Solved

How to create SSL certificate for ADFS 2.0

Posted on 2015-01-14
Last Modified: 2015-02-18
I have just been tasked with setting up a standalone ADFS environment. So far, here is what is already in place:

ADFS-01 - set up inside the network. This is going to be the actual federation services server.

ADFS proxy server - set up on the perimeter network.

Both Servers are Win2k8 R2

ADFS 2.0 installed on both Servers.

Here is the problem: when I try to proceed with ADFS configuration, I am asked to provide an SSL certificate.

There is a domain CA that's being used to issue certs.
Unfortunately, I am not too good with certificate servers, and the CA server was set up prior to my employment here. Basically, I want to create an SSL cert using the CA and use that SSL cert to complete the ADFS setup.
If anyone has a step-by-step guide, please be kind enough to share it with me.

Thanks in advance.
Question by:b3976

Expert Comment

by:Mahesh
ID: 40550866
First, check whether ADFS will be published on the internet.

In that case, do not use a certificate from the internal CA server.
You could go out and purchase a 3rd party public SSL certificate; you can contact a well-known public CA for that (Go Daddy, Entrust, etc.).

If you are not going to publish ADFS on the internet, then first install the ADFS setup on 2008 R2:
http://www.microsoft.com/en-in/download/details.aspx?id=10909 - ADFS Setup
and
http://support.microsoft.com/kb/2790338 - Rollup update for ADFS 2.0

IIS will get installed there, and you can request a certificate from within IIS from your internal CA server:
https://aaronwalrath.wordpress.com/2010/04/16/configure-a-server-certificate-for-iis-7-5/

If you want to request a certificate from a 3rd party CA:
https://www.digicert.com/csr-creation-microsoft-iis-7.htm

Author Comment

by:b3976
ID: 40551181
Thanks for your response. Yes, it will be published on the internet.
Getting a 3rd party cert, is that a must?
Why can't I use my internal CA to issue the SSL certs?
Security issue?

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40551955
For any website with a certificate to work correctly from any workstation, the certificate chain must already exist on the workstation.
A certificate chain is nothing but the root certificate + intermediate certificate.
For public SSL certificates, this chain is already installed on all workstations by default with the OS.
As a result, you will not face any issues.

If you use your own CA's certificate, its root certificate is not installed on outside / internet machines, and they will prompt a security warning that the certificate is not trusted. You would then need to provide each of those internet machines with the root cert of your CA server, and they would need to install it on their computers.
As a matter of fact, a 3rd party certificate from a public CA is highly recommended.

Check below links for more information
http://msdn.microsoft.com/en-us/library/windows/desktop/aa376515(v=vs.85).aspx
http://www.entrust.com/chain-certificates/
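
The chain trust check described in the accepted answer, as an added example that is not part of the original thread: it builds the chain for the certificate bound to the federation service and reports whether the local machine trusts its root. The subject name `adfs.example.com` and the function name `Test-CertificateChain` are assumptions for illustration.

```powershell
# Added example: report whether a certificate chains to a root this machine trusts.
# 'adfs.example.com' is a placeholder federation service name (assumption).
function Test-CertificateChain {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is checked online; an unreachable CRL/OCSP endpoint shows up in ChainStatus.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $trusted = $chain.Build($Certificate)

    # Walk the chain from the server certificate up to the root.
    $elements = @($chain.ChainElements | ForEach-Object {
        New-Object PSObject -Property @{
            Subject    = $_.Certificate.Subject
            Issuer     = $_.Certificate.Issuer
            Thumbprint = $_.Certificate.Thumbprint
            NotAfter   = $_.Certificate.NotAfter
        }
    })

    New-Object PSObject -Property @{
        Trusted  = $trusted
        Problems = @($chain.ChainStatus | ForEach-Object { $_.Status })
        Elements = $elements
    }
}

# Pick the newest certificate for the service name from the machine store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*CN=adfs.example.com*' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if ($cert) {
    $result = Test-CertificateChain -Certificate $cert
    "Trusted on this machine: $($result.Trusted)"
    $result.Elements | Format-Table Subject, Issuer, NotAfter -AutoSize
    if (-not $result.Trusted) { "Chain problems: $($result.Problems -join ', ')" }
} else {
    'No certificate with that subject found in LocalMachine\My'
}
```

A machine that does not have the internal root installed reports `UntrustedRoot` in the chain problems for an internally issued certificate, which is the browser warning the answer describes.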