We plan to set up ADFS for our test environment, and we need to obtain a certificate before configuring ADFS. For lab purposes, we are going to use an internal CA. Here are the steps that we took:
[ Install CA roles ]
Use Server Manager and tick Active Directory Certificate Services, then select these role services:
- Certificate Authority
- Certificate Authority Web Enrollment
[ Create a Certificate Template ]
1. Open MMC
2. Add the Certificate Templates snap-in | right-click the Web Server template | Duplicate Template
3. Modify the duplicated certificate template on the following tabs:
Compatibility – leave at Windows Server 2003
Request Handling – tick Allow private key to be exported. Make sure you tick this, as we need to export the certificate and import it into the other ADFS servers.
Cryptography – Minimum key size: 2048
Security – add Authenticated Users / Domain Users and grant the Enroll permission
Subject name – Supply in the request. (This option makes the certificate template visible when requesting from the web enrollment page.)
General – change the certificate template name
[ Publish Certificate Template ]
1. Open the Certification Authority snap-in
2. Right-click Certificate Templates | New | Certificate Template to Issue
3. Select the certificate template that you created earlier
[ Verify and request certificate ]
1. Use browser and go to https://localhost/certsrv
2. Request a certificate | Advanced certificate request | Create and submit a request to this CA
As shown below, we can select the certificate template we created. Let's request a certificate with the common name fs.ms4u.local, a 2048-bit key size, and the key marked as exportable.
Install the certificate, export it using the Certificates snap-in, and import it into each ADFS server and Web Proxy server.
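The same request, verify, export and import steps can be scripted instead of going through the web enrollment page and the Certificates snap-in. The script below is an added example, not part of the original post. It assumes the template was named ADFS Web Server on the General tab (a hypothetical name; use whatever you typed there), that the CA is an enterprise CA reachable from a domain-joined machine, and that the request is issued immediately rather than left pending for manager approval.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# prompt on a domain-joined machine that will hold the first ADFS certificate.
# Assumptions: template name "ADFS Web Server" (hypothetical), common name
# fs.ms4u.local as in the post, and the CA issues the request automatically.

$templateName = 'ADFS Web Server'            # hypothetical; the name set on the General tab
$dnsName      = 'fs.ms4u.local'              # federation service name from the post
$subject      = "CN=$dnsName"
$pfxPath      = 'C:\Temp\fs.ms4u.local.pfx'  # constructed path for the exported PFX

# 1. Confirm the template is actually published on the CA before requesting.
#    certutil -CATemplates lists every template the CA is configured to issue.
$published = (certutil -CATemplates) -match [regex]::Escape($templateName)
if (-not $published) {
    throw "Template '$templateName' is not published on the CA (check Certificate Templates to Issue)."
}

# 2. Submit the request to the CA. Key size and exportability come from the
#    template settings chosen earlier (2048-bit minimum, private key exportable).
$req = Get-Certificate -Template $templateName `
                       -SubjectName $subject `
                       -DnsName $dnsName `
                       -CertStoreLocation 'Cert:\LocalMachine\My'

if ($req.Status -ne 'Issued') {
    throw "Request was not issued; status is '$($req.Status)'."
}
$cert = $req.Certificate

# 3. Verify what the CA gave us: a private key, and a key at least 2048 bits,
#    before the certificate is copied to the other servers.
if (-not $cert.HasPrivateKey) { throw 'Issued certificate has no private key.' }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa -or $rsa.KeySize -lt 2048) {
    throw "Key size $($rsa.KeySize) is below the 2048-bit minimum set on the template."
}
Write-Host "Issued $($cert.Subject) thumbprint $($cert.Thumbprint), key size $($rsa.KeySize)"

# 4. Export to a password-protected PFX for transport to the other ADFS and
#    Web Proxy servers. Export-PfxCertificate fails here if the template did not
#    mark the key exportable, which is the check we want before moving on.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null
Write-Host "Exported to $pfxPath"

# 5. On each additional ADFS server and Web Proxy server, copy the PFX over and
#    import it into the machine store (run this part there, not on the CA):
#    Import-PfxCertificate -FilePath $pfxPath `
#                          -CertStoreLocation 'Cert:\LocalMachine\My' `
#                          -Password $pfxPassword
```

Get-Certificate's -Template parameter takes the template name rather than the display name, so if your display name contains spaces the value may need to be the space-free name shown on the General tab; that is an assumption to check in your own lab. Because the PFX contains the private key for the federation service, keep the file and its password off shared locations and delete the copy once each server has imported it.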
That’s all for today; we have successfully created our own certificate template on the internal CA. Next, we will set up the ADFS farm and Web Proxy.