Solved

How to create SSL certificate for ADFS 2.0

Posted on 2015-01-14
Last Modified: 2015-02-18
I have just been tasked with setting up a standalone ADFS environment. So far, here is what is already in place:

ADFS-01: set up inside the network. This is going to be the actual federation services server.

ADFS proxy server: set up on the perimeter network.

Both servers are Win2k8 R2.

ADFS 2.0 is installed on both servers.

Here is the problem: when I try to proceed with the ADFS configuration, I am asked to provide an SSL certificate.

There is a domain CA that's being used to issue certs.
Unfortunately, I am not too good with certificate servers, and the CA server was set up prior to my employment here. Basically, I want to create an SSL cert using the CA and use that SSL cert to complete the ADFS setup.
If anyone has a step-by-step guide, please be kind enough to share it with me.

Thanks in advance.
Question by:b3976

Expert Comment

by:Mahesh
ID: 40550866
First, check whether ADFS will be published on the internet.

In that case, do not use a certificate from the internal CA server.
You could go out and purchase a 3rd-party public SSL certificate; you can contact a well-known public CA for that (Go Daddy, Entrust, etc.).

If you are not going to publish ADFS on the internet, then first install the ADFS setup on 2008 R2:
http://www.microsoft.com/en-in/download/details.aspx?id=10909 - ADFS Setup
and
http://support.microsoft.com/kb/2790338 - Rollup update for ADFS 2.0

IIS will get installed there, and you can request a certificate from within IIS from your internal CA server:
https://aaronwalrath.wordpress.com/2010/04/16/configure-a-server-certificate-for-iis-7-5/

If you want to request a certificate from a 3rd-party CA:
https://www.digicert.com/csr-creation-microsoft-iis-7.htm

Author Comment

by:b3976
ID: 40551181
Thanks for your response. Yes, it will be published on the internet.
Getting a 3rd party cert, is that a must?
Why can't I use my internal CA to issue the SSL certs?
Security issue?

Accepted Solution

by:Mahesh (earned 500 total points)
ID: 40551955
For every website with a certificate to work correctly from any workstation, the certificate chain must already exist on the workstation.
The certificate chain is nothing but the root certificate + intermediate certificate.
For public SSL certificates, this chain is already installed on all workstations by default with the OS.
As a result, you will not face any issues.

If you use your CA certificate, its root certificate is not installed on all outside \ internet machines, and it will prompt a security warning that the certificate is not trusted. You would then need to provide each of those internet machines with the root cert of your CA server, and they need to install it on their computers.
As a fact, a 3rd-party certificate from a public CA is highly recommended.

Check the links below for more information:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa376515(v=vs.85).aspx
http://www.entrust.com/chain-certificates/
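
The request-and-install steps discussed in this thread can also be done from the command line with `certreq` instead of the IIS wizard. This is an added example, not part of the original posts; `sts.example.com` and the file names are placeholders, and it assumes the same certificate will also be installed on the ADFS proxy.

```powershell
# Added example (not from the thread). Placeholder values: replace
# sts.example.com with your federation service name.
$fsName = 'sts.example.com'
$inf = '.\adfs-ssl.inf'; $req = '.\adfs-ssl.req'; $cer = '.\adfs-ssl.cer'

if (-not (Test-Path $cer)) {
    # Phase 1: create the key pair and CSR on ADFS-01.
    # Single-quoted here-string keeps "$Windows NT$" literal.
    $policy = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__FSNAME__"
KeyLength = 2048
KeySpec = 1                ; AT_KEYEXCHANGE, required for TLS server keys
KeyUsage = 0xA0            ; digitalSignature + keyEncipherment
MachineKeySet = TRUE       ; store the key in the computer store
Exportable = TRUE          ; assumption: key is exported to the ADFS proxy
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
HashAlgorithm = sha256

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1    ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=__FSNAME__&"
'@ -replace '__FSNAME__', $fsName

    Set-Content -Path $inf -Value $policy -Encoding ASCII
    certreq -new $inf $req
    if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }
    Write-Host "Submit $req to the CA, save the issued certificate as $cer, then re-run."
}
else {
    # Phase 2: bind the issued certificate to the pending private key.
    certreq -accept $cer
    if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }
    # Build and check the chain (root + intermediate) as this machine sees it.
    certutil -verify -urlfetch $cer
}
```

Run it once to produce the request, submit the `.req` file to the chosen CA, then run it again after saving the issued certificate next to the script.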