Tuesday, November 22, 2011

ADFS : Choosing the certificate name

ADFS uses three certificates:
  • Service communications: the SSL certificate that protects the messages in transit
  • Token-decrypting: the certificate whose public key partners use to encrypt tokens that ADFS then decrypts
  • Token-signing: the certificate used to sign the token
The service communications certificate is essentially the SSL certificate you configured for the SSL session on the IIS instance that hosts ADFS. (Yes, folks, it is basically an IIS site; look for it under \inetpub\adfs\ls.)

When you configure the certificate for SSL, you need to give it the full name of the site, e.g. "contuso.co.uk". Don't just give it the short name "contuso". If you do, the ADFS installer will reject the certificate and ask for one whose name has "dots" in it.

Actually, the real error is "ADFS requires full name for certificate".
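As an added example (not code from the original post), here is a PowerShell check you can run on the ADFS server before installation to catch this: it looks up the service communications certificate that ADFS is using, pulls every DNS name from its subject CN and Subject Alternative Name extension, and warns about any name without a dot or that does not match the federation service name. It assumes the ADFS 2.0 PowerShell snap-in (Microsoft.Adfs.PowerShell) with its Get-ADFSCertificate and Get-ADFSProperties cmdlets, and that the certificate lives in the local machine's Personal store; the wildcard handling is a simplified `-like` match, not full RFC 6125 matching.

```powershell
# Added example, not from the original post.
# Assumes the ADFS 2.0 snap-in; on later versions the module auto-loads and this line is a no-op.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Get-CertificateDnsNames {
    # Returns the subject CN plus every "DNS Name=" entry in the SAN extension (OID 2.5.29.17).
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    $cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names += $cn }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if ($san) {
        # Format($true) yields one "DNS Name=host" line per entry on Windows.
        $san.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    $names | Sort-Object -Unique
}

function Test-AdfsServiceCertificateName {
    # Checks the service communications certificate against the federation service name.
    param([string]$FederationServiceName = (Get-ADFSProperties).HostName)

    $svcCert = Get-ADFSCertificate -CertificateType Service-Communications | Select-Object -First 1
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $svcCert.Thumbprint)
    $names = Get-CertificateDnsNames -Cert $cert

    $ok = $true
    foreach ($n in $names) {
        # This is the "ADFS requires full name for certificate" condition: a short host name with no dots.
        if ($n -notmatch '\.') {
            Write-Warning "Certificate name '$n' has no dots; ADFS will reject it. Reissue for the full name."
            $ok = $false
        }
    }
    # Exact match, or a simple wildcard match such as *.contuso.co.uk (assumption: -like is good enough here).
    $matching = $names | Where-Object { $_ -ieq $FederationServiceName -or ($_.StartsWith('*.') -and $FederationServiceName -ilike $_) }
    if (-not $matching) {
        Write-Warning "No name on thumbprint $($cert.Thumbprint) matches federation service '$FederationServiceName'. Names: $($names -join ', ')"
        $ok = $false
    }
    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; Names = $names; FederationServiceName = $FederationServiceName; Acceptable = $ok }
}

# Usage: run in an elevated PowerShell on the ADFS server.
Test-AdfsServiceCertificateName
```

If the check reports a short name, request a new certificate for the full federation service name (the "contuso.co.uk" form above) and rebind it in IIS before rerunning the ADFS configuration; the same function can be pointed at a candidate certificate's thumbprint before you bind it.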

Just saying.

Enjoy!
