?
Solved

How to create SSL certificate for ADFS 2.0

Posted on 2015-01-14
3
Medium Priority
?
334 Views
Last Modified: 2015-02-18
I have just been tasked with setting up a stand alone ADFS environment. So far here is what is already in place:

ADFS-01- setup inside the network. This is going to be the actual federation services server.


ADFS proxy Server-  Setup on the perimeter network.  

Both Servers are Win2k8 R2

ADFS 2.0 installed on both Servers.

Here is the problem: when I try to proceed with ADFS configuration, I am asked to provide SSL certificate.

There is domain CA that's being used to issue certs.
Unfortunately, I am not too good with certificate servers. And the CA  server was setup prior to my employment here.  basically, I want to create an SSL cert using the CA and use that  SSL cert to complete the ADFS setup.
If anyone has a step by step guide, please be kind share that with me.

Thanks in advance.
0
Comment
Question by:b3976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40550866
1st check if ADFS will be published on internet ?

In that case do not use CA certificate from internal CA server
U could go out and purchase 3rd party public SSL certificate, you can contact well known public CA for that (Go Daddy, entrust etc.)

If you are not going to publish ADFS on internet, then 1st you install ADFS setup on 2008 R2
http://www.microsoft.com/en-in/download/details.aspx?id=10909 - ADFS Setup
and
http://support.microsoft.com/kb/2790338 - Rollup update for ADFS 2.0

There IIS will get installed and you can request certificate from within IIS from your internal CA server
https://aaronwalrath.wordpress.com/2010/04/16/configure-a-server-certificate-for-iis-7-5/

If you want to request certificate from 3rd party CA:
https://www.digicert.com/csr-creation-microsoft-iis-7.htm
0
 

Author Comment

by:b3976
ID: 40551181
Thanks for your response. Yes, it will be published on the internet.
Getting a 3rd party cert, is that a must?
Why can't use my internal CA to issue the SSL certs?
Security issue?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 1500 total points
ID: 40551955
For every website with certificate to work correctly from any workstation certificate chain must be already exists on workstation
Certificate chain is nothing but root certificate + Intermediate certificate
For public SSL certificates, this chain is already installed on all workstation by default with OS
As a result you will not face any issues

If you use your CA certificate, its root certificate is not installed on all outside \ internet machines and it will prompt security warning that certificate is not trusted, then you need to provide those each internet machine with root cert of your CA server and they need to install that on their computer
As a fact 3rd party certificate from public CA is highly recommended

Check below links for more information
http://msdn.microsoft.com/en-us/library/windows/desktop/aa376515(v=vs.85).aspx
http://www.entrust.com/chain-certificates/
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question