MICROSOFT AD FS – CSR CREATION AND CERTIFICATE INSTALLATION 
 

CREATE THE SSL CERTIFICATE REQUEST (CSR)
  1. Open Server Manager
  2. Click Tools
  3. Click Internet Information Services (IIS) Manager
  4. Select the local server
  5. Select Server Certificates
  6. Click Open Feature (actions pane)
  7. Click Create Certificate Request
  8. Fill out the certificate request properties. Make sure that the common name matches what you plan to call the AD FS server farm. Microsoft best practices recommend that you use the host name STS (secure token service). In this example, I have used the value sts.domain.com.
  9. Click Next
  10. Leave the Cryptographic service provider at the default
  11. Change the Bit Length to 2048
  12. Click Next
  13. Select a location for the request file
  14. Click Finish

COMPLETE THE CERTIFICATE REQUEST (CSR)

  1. Open Server Manager
  2. Click Tools
  3. Click Internet Information Services (IIS) Manager
  4. Select the local server
  5. Select Server Certificates
  6. Click Open Feature (actions pane)
  7. Click Complete Certificate Request
  8. Select the path to the completed CSR file that you downloaded from the third-party certificate provider
  9. Enter the friendly name for the certificate
  10. Select Personal as the certificate store
  11. Click OK
  12. The certificate will be added

ASSIGN THE COMPLETED SSL CERTIFICATE
 

Now that we have the third-party certificate completed on the server, we need to assign and bind it to the default website (HTTPS port 443).

  1. Expand the local server
  2. Expand Sites
  3. Select Default Web Site
  4. Click Bindings (actions pane)
  5. Click Add
  6. Change the type to HTTPS
  7. Select your certificate from the drop-down menu.

     Note: The certificate shown below is a multi-name SSL certificate for my lab environment. When you select your certificate, it should show sts.domain.com, which matches the completed certificate.

  8. Click OK
  9. Click Close
  10. Close IIS Manager

 Now that we have the required software installed and the certificate in place, we can finally configure the AD FS role and federate with Microsoft.
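
A post-install check for the steps above, added here as an example and not part of the original guide: it confirms that the certificate bound to port 443 on Default Web Site sits in the Personal store with its private key (a request completed on a server other than the one that generated the CSR has none), uses an RSA key of at least 2048 bits, and validates for the farm name. It assumes an elevated Windows PowerShell session on the AD FS server and the example name sts.domain.com used on this page.

```powershell
# Added example, not from the original guide.
# Assumptions: elevated Windows PowerShell on the AD FS server; the farm name
# is sts.domain.com (the example value on this page). Replace it with your own.
Import-Module WebAdministration

$FarmName = 'sts.domain.com'
$SiteName = 'Default Web Site'

# Find the HTTPS binding on port 443 that was created in IIS Manager.
$binding = Get-WebBinding -Name $SiteName -Protocol https |
    Where-Object { $_.bindingInformation -like '*:443:*' } |
    Select-Object -First 1
if (-not $binding) { throw "No HTTPS binding on port 443 for '$SiteName'." }

# Completed requests are stored in the computer's Personal store (LocalMachine\My).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $binding.certificateHash }
if (-not $cert) { throw 'The bound certificate is not in the Personal store.' }

# Returns $null for non-RSA keys, which the key-size check below treats as a failure.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$now = Get-Date

# Test-Certificate builds the chain and matches the name against subject and SAN entries.
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $FarmName `
    -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

$checks = [ordered]@{
    'Private key present'           = $cert.HasPrivateKey
    'RSA key >= 2048 bits'          = [bool]($rsa -and $rsa.KeySize -ge 2048)
    'Within validity period'        = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    'Chain and name valid for farm' = [bool]$trusted
}

"Bound certificate: $($cert.Subject) [$($cert.Thumbprint)]"
$checks.GetEnumerator() | Format-Table Key, Value -AutoSize

# Fail loudly so the check can gate the AD FS configuration step.
if ($checks.Values -contains $false) { throw 'Certificate checks failed; see table above.' }
```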

 

Last updated: August 25, 2017