Microsoft Office Tutorials and References
In Depth Information
Installing IIS on the AD FS server
You need a security certificate to protect your AD FS server. AD FS relies on the IIS default
website, which needs to be protected by an SSL certificate, to secure the communications
between the client computer and the AD FS server.
Credentials are transmitted over this SSL connection, so it is important that the connection
is encrypted. The SSL certificate also identifies the federation server, giving users
confidence that they are authenticating to the organization and not a server impersonating as
Setting up the certificate is fairly straightforward. When you install the AD FS server later in
the “Installing and configuring AD FS 2.0” section, you will see that the AD FS installation
will use the default website in IIS, which is why we installed IIS first.
You have the option to purchase an SSL certificate from a known certificate authority (CA),
or you can use your enterprise CA if you have one.
Creating the certificate request
Follow these steps to create a certificate request:
1. Click Start, click Administrative Tools, and then click Internet Information Services (IIS)
2. In the IIS MMC, select the IIS server. In the middle pane, scroll down until you see
Server Certificates, then double-click the icon, as shown in Figure 3-19.
Figure 3-19 Select the Server Certificates option in IIS Manager MMC.