Remove From My Forums

Procedure for requesting an x.509 federation certificate from a CA?

Question
0

Sign in to vote

Hi,

I'm trying to federate our Exchange 2010 environment with another company that is also running Exchange 2010 and I'm a little confused. After reading through TechNet and some other resources it looks like I need to get a x.509 certificate from a 3rd party CA trusted by Windows Live Domain Services. When I go through the wizard in the EMC to generate a new CSR and check off "Use this Certificate for Federated Delegation" I end up with a self signed certificate. What is the procedure for obtaining the certificate when I don't have a CSR to present to our CA?

Thanks in advance,

-j

Sunday, August 14, 2011 8:17 PM

Answers

0

Sign in to vote
You can use your existing 3rd party Cert that you are using already for other 2010 IIS services or create a self-signed exclusively for federation.

http://technet.microsoft.com/en-us/library/dd335047.aspx#certreq

If you use a valid 3rd party CA cert, then the New-FederationTrust command allows you to specify the thumb print of the cert.

http://technet.microsoft.com/en-us/library/dd351047.aspx
- Proposed as answer by Evan LiuModerator Wednesday, August 17, 2011 7:24 AM
- Marked as answer by Evan LiuModerator Sunday, August 28, 2011 8:16 AM
Sunday, August 14, 2011 10:20 PM

All replies

0

Sign in to vote
You can use your existing 3rd party Cert that you are using already for other 2010 IIS services or create a self-signed exclusively for federation.

http://technet.microsoft.com/en-us/library/dd335047.aspx#certreq

If you use a valid 3rd party CA cert, then the New-FederationTrust command allows you to specify the thumb print of the cert.

http://technet.microsoft.com/en-us/library/dd351047.aspx
- Proposed as answer by Evan LiuModerator Wednesday, August 17, 2011 7:24 AM
- Marked as answer by Evan LiuModerator Sunday, August 28, 2011 8:16 AM
Sunday, August 14, 2011 10:20 PM
0

Sign in to vote

Hi jraynes,

Any updates on this issue?

Andy is right, you can just using the third party certificate or a self-signed certificate.

Thanks,

Evan

Wednesday, August 17, 2011 7:23 AM

Moderator