Hi again,
This time I will try to split the topic into a series of posts about ADFS 2.0 for SharePoint. In this first post I will talk about creating certificates for ADFS 2.0, so let's begin:
For setting up ADFS we need three distinct certificates: Service Communications, Token-Signing and Token-Decrypting.
- Service Communications Certificate
  - Used for the logon page provided by ADFS.
  - This should be a public certificate, since you'll be using it for employees accessing the logon page externally.
- Token-Signing Certificate
  - Used for encrypting the tokens that will be provided for SharePoint.
  - Can be a public certificate or a certificate issued by your internal CA.
  - Should be a 2048-bit certificate.
- Token-Decrypting Certificate
Depending on the type of scenario you are deploying (production or testing), you can choose to use self-signed certificates, certificates from your own CA or public certificates.
Creating self-signed certificates is a pretty straightforward process and can be done within IIS. For a test scenario you can create one self-signed certificate and use it for all three certificate types.
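To check which installed certificates meet the points above before assigning them to ADFS, here is an added PowerShell example (not part of the original post). It assumes the certificates sit in the `Cert:\LocalMachine\My` store; the function name `Get-AdfsCertCandidateReport` and the 30-day warning window are hypothetical choices for illustration.

```powershell
# Added example: audit candidate ADFS certificates in the local machine store.
# Get-AdfsCertCandidateReport is a hypothetical helper name, not an ADFS cmdlet.
function Get-AdfsCertCandidateReport {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # assumed install location
        [int]$MinKeyBits = 2048,                        # key size the post recommends
        [int]$WarnDays = 30                             # assumed expiry warning window
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        $findings = @()

        # PublicKey.Key is populated for RSA keys; other algorithms may throw.
        $keyBits = $null
        try { $keyBits = $cert.PublicKey.Key.KeySize } catch { }
        if ($null -eq $keyBits) { $findings += 'key size unknown (non-RSA key?)' }
        elseif ($keyBits -lt $MinKeyBits) { $findings += "key is $keyBits bits, below $MinKeyBits" }

        # Subject equal to Issuer means self-signed: suitable for test scenarios only.
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        if ($selfSigned) { $findings += 'self-signed (test scenarios only)' }

        # ADFS needs the private key on the server to use the certificate.
        if (-not $cert.HasPrivateKey) { $findings += 'no private key on this server' }

        $now = Get-Date
        if ($cert.NotBefore -gt $now) { $findings += 'not yet valid' }
        if ($cert.NotAfter -lt $now) { $findings += 'expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $findings += "expires within $WarnDays days" }

        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            KeyBits    = $keyBits
            SelfSigned = $selfSigned
            NotAfter   = $cert.NotAfter
            Findings   = ($findings -join '; ')
        }
    }
}

Get-AdfsCertCandidateReport |
    Format-List Subject, Thumbprint, KeyBits, SelfSigned, NotAfter, Findings
```

An empty `Findings` value means the certificate passed every check in the script; run it from an elevated PowerShell prompt on the ADFS server.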
In this post we will review how to use Certificates from our own Certification Authority following these steps:
- Create ADFS Certificate Template
  From the server where the Certificate Authority is installed, go to Server Manager/Roles/Active Directory Certificate Services
- Request Certificates
  - Service Communications
  - Token-Signing Certificate
  - Token-Decrypting Certificate