HELP!!! I am trying to set up ADFS 4.0 in my environment and have run into a roadblock/hurdle that I am unsure how to proceed with...well, I sort of have an idea, but need confirmation.
Steps already taken
1) Extended my AD Schema to Server 2016 via media disc and ADPREP commands on my current Server 2008 R2 PDC.
(NOTE: Currently my FFL = Server 2003 & DFL = 2008)
2) Built the new Server 2016 - Standard Edition VMs on my redundant Hyper-V managers (Server 2012 R2).
(NOTE: 4 total for this setup (2 for ADFS primary & secondary servers (joined to domain) / 2 for ADFS Web App Proxy Primary and Secondary servers (joined to a workgroup)))
3) Purchased a third-party CA SSL cert.
However, this is where I am stuck/stumped...older ADFS version deployments (i.e. ADFS 2.0) required an IIS installation, which I could use to run a CSR on the primary ADFS server to create the SSL certificate, then install it, export it and import it on the other servers in the ADFS setup, but I believe ADFS 4.0 did away with the IIS installation requirements, which would make things more secure...
So, how do you create the CSR to complete the third-party CA SSL certificate for the ADFS 4.0 setup?
I thought about building a separate Windows Server 2016 - Standard Edition VM and installing IIS on it for this sole purpose, but it seems like a lot of time/effort to do this. I mean, if it is my only option then it is what it is and I will go that route, but I wanted to confirm with others if there might be other ways or a better way (i.e. best practices, etc.).
Once I have the SSL certificate, I will proceed forward with installing the ADFS server role on the server VM that will be my primary ADFS server and configure it...then I will do the same with my secondary ADFS server...then proceed to install and configure my ADFS web app proxy servers.
Any help you can provide, whether suggestions, recommendations, links, articles, YouTube videos, etc., is greatly, greatly appreciated.
Thanks in advance.