How to create SSL certificate for ADFS 2.0

I have just been tasked with setting up a stand alone ADFS environment. So far here is what is already in place:

ADFS-01- setup inside the network. This is going to be the actual federation services server.


ADFS proxy Server-  Setup on the perimeter network.  

Both Servers are Win2k8 R2

ADFS 2.0 installed on both Servers.

Here is the problem: when I try to proceed with ADFS configuration, I am asked to provide SSL certificate.

There is domain CA that's being used to issue certs.
Unfortunately, I am not too good with certificate servers. And the CA  server was setup prior to my employment here.  basically, I want to create an SSL cert using the CA and use that  SSL cert to complete the ADFS setup.
If anyone has a step by step guide, please be kind share that with me.

Thanks in advance.
b3976Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
MaheshConnect With a Mentor ArchitectCommented:
For every website with certificate to work correctly from any workstation certificate chain must be already exists on workstation
Certificate chain is nothing but root certificate + Intermediate certificate
For public SSL certificates, this chain is already installed on all workstation by default with OS
As a result you will not face any issues

If you use your CA certificate, its root certificate is not installed on all outside \ internet machines and it will prompt security warning that certificate is not trusted, then you need to provide those each internet machine with root cert of your CA server and they need to install that on their computer
As a fact 3rd party certificate from public CA is highly recommended

Check below links for more information
http://msdn.microsoft.com/en-us/library/windows/desktop/aa376515(v=vs.85).aspx
http://www.entrust.com/chain-certificates/
0
 
MaheshArchitectCommented:
1st check if ADFS will be published on internet ?

In that case do not use CA certificate from internal CA server
U could go out and purchase 3rd party public SSL certificate, you can contact well known public CA for that (Go Daddy, entrust etc.)

If you are not going to publish ADFS on internet, then 1st you install ADFS setup on 2008 R2
http://www.microsoft.com/en-in/download/details.aspx?id=10909 - ADFS Setup
and
http://support.microsoft.com/kb/2790338 - Rollup update for ADFS 2.0

There IIS will get installed and you can request certificate from within IIS from your internal CA server
https://aaronwalrath.wordpress.com/2010/04/16/configure-a-server-certificate-for-iis-7-5/

If you want to request certificate from 3rd party CA:
https://www.digicert.com/csr-creation-microsoft-iis-7.htm
0
 
b3976Author Commented:
Thanks for your response. Yes, it will be published on the internet.
Getting a 3rd party cert, is that a must?
Why can't use my internal CA to issue the SSL certs?
Security issue?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.