ADFS for Sharepoint: Creating Certificates for ADFS 2.0

Hi again,

This time I will try to divide the post into a series of posts about ADFS 2.0 for SharePoint. In the first post I will talk about creating certificates for ADFS 2.0, so let's begin:

For setting up ADFS we need three distinct certificates: Service Communications, Token-Signing and Token-Decrypting.

  1. Service Communications Certificate
  • Used for the logon page provided by ADFS
  • This should be a public certificate since you'll be using it for employees accessing the logon page externally.
  2. Token-Signing Certificate
  • Used for encrypting the tokens that will be provided for SharePoint.
  • Can be a public certificate or a certificate issued by your internal CA
  • Should be a 2048-bit certificate.
  3. Token-Decrypting Certificate

Depending on the type of scenario you are deploying (production or testing) you can choose to use self-signed certificates, certificates from your own CA or public certificates.

Creating self-signed certificates is a pretty straightforward process and can be done within IIS. For a test scenario you can create one self-signed certificate and use it for all three certificate roles.

In this post we will review how to use Certificates from our own Certification Authority following these steps:

  • Create ADFS Certificate Template

From the server where the Certificate Authority is installed, go to Server Manager/Roles/Active Directory Certificate Services.

  • Request Certificates
    • Service Communications Certificate
    • Token-Signing Certificate
    • Token-Decrypting Certificate
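As an added example (not from the original post), the "Request Certificates" step scripted with certreq against the internal CA for all three certificate roles, followed by a check that each issued key is 2048 bits. The template name, the CA config string and the host names are assumptions; replace them with your own.

```powershell
# Added example: request the three ADFS 2.0 certificates from an internal CA.
$Template = "ADFSCertificate"            # assumption: name of the template created on the CA
$CaConfig = "ca01.corp.example\Corp-CA"  # assumption: <CA host>\<CA common name>
$AdfsFqdn = "adfs.corp.example"          # assumption: public name of the ADFS logon page

function Request-AdfsCertificate {
    param([string]$Name, [string]$Subject)
    # certreq INF: 2048-bit RSA, exchange key (needed for SSL), signature + key encipherment,
    # machine store, exportable so the key can be moved to other federation servers in the farm
    $inf = @"
[NewRequest]
Subject = "$Subject"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
FriendlyName = "$Name"
[RequestAttributes]
CertificateTemplate = "$Template"
"@
    $base = Join-Path $env:TEMP ($Name -replace " ", "_")
    Set-Content -Path "$base.inf" -Value $inf
    certreq -new    "$base.inf" "$base.req"                    # build the CSR, generate the key
    certreq -submit -config $CaConfig "$base.req" "$base.cer"  # submit to the CA
    certreq -accept "$base.cer"                                # bind issued cert to the private key
}

# Subjects for the token certificates are constructed sample values.
Request-AdfsCertificate -Name "ADFS Service Communications" -Subject "CN=$AdfsFqdn"
Request-AdfsCertificate -Name "ADFS Token-Signing"          -Subject "CN=ADFS Token Signing"
Request-AdfsCertificate -Name "ADFS Token-Decrypting"       -Subject "CN=ADFS Token Decrypting"

# Check: each certificate is in the machine store, has its private key, and is 2048-bit.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -like "ADFS *" } |
    ForEach-Object {
        $bits = $_.PublicKey.Key.KeySize
        "{0,-28} {1} bits  private key: {2}" -f $_.FriendlyName, $bits, $_.HasPrivateKey
        if ($bits -lt 2048) { Write-Warning "$($_.FriendlyName) key is weaker than 2048 bits" }
        if (-not $_.HasPrivateKey) { Write-Warning "$($_.FriendlyName) has no private key" }
    }
```

Run it in an elevated session on the future federation server; the ADFS service account will still need read access to each private key afterwards.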

