SSL Certificate Question...

  • Question

  • I'm so confused...

    I'm setting up ADFS for an organization that's never had it before (my first time doing this). We'll be setting up an internal ADFS server and a proxy server in their DMZ.... pretty standard. They don't have a CA, so we'll be getting a certificate from DigiCert. My question is, when I create the certificate request on the internal server, what do I set as the common name for the cert? Do I use the FQDN of the server? Do I use what I want the service name of the ADFS farm to be? I've found documentation stating both ways. It seems to me I should use the service name of the ADFS farm, but I can't find good documentation anywhere online for this scenario. Thanks.

    Tuesday, April 16, 2019 6:39 PM

Answers

  • Your ADFS farm will need to be on the public domain, read Network requirements / Configuring DNS https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements#BKMK_7 

    If you can afford it, use a wildcard certificate. Explained here: Certificate requirements DNS https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, April 18, 2019 10:07 PM
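An added example, not from either poster, of a certreq request file for the ADFS SSL certificate. It assumes a constructed federation service name of fs.example.com in the organization's public DNS zone example.com; the subject is the farm's service name, not the internal server's hostname, and a SAN repeats it. If you go the wildcard route the answer suggests, the Subject and dns= entries become *.example.com instead.

```powershell
# Added example (not from this thread). All names are constructed placeholders.
$ServiceName = 'fs.example.com'   # ADFS federation service name, not the server FQDN
$InfPath = Join-Path $env:TEMP 'adfs-ssl.inf'
$CsrPath = Join-Path $env:TEMP 'adfs-ssl.req'

@"
[NewRequest]
; Subject must be the federation service name clients will resolve in public DNS
Subject = "CN=$ServiceName, O=Example Org, C=US"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = SHA256
; Exportable so the same certificate (with key) can be installed on the DMZ proxy
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
; Digital Signature + Key Encipherment
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; Subject Alternative Name; add further dns= lines if the farm needs more names
2.5.29.17 = "{text}"
_continue_ = "dns=$ServiceName&"
"@ | Set-Content -Path $InfPath -Encoding ASCII

# Generate the key in the local machine store and write the CSR to submit to the public CA
certreq.exe -new $InfPath $CsrPath

# Check that the request carries the service name before sending it off
certutil.exe -dump $CsrPath | Select-String -Pattern 'CN=', 'DNS Name='
```

Once the CA returns the signed certificate, `certreq.exe -accept <file>.cer` binds it to the key you generated here; that is the certificate you then point the ADFS configuration wizard at.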