Microsoft Office Tutorials and References
In Depth Information
Installing IIS on the AD FS server
6. Lastly, specify a file name for the certificate request, which you will use with a
thirdparty certificate provider or with your enterprise certificate authority.
7. Purchase an SSL certificate from a third-party certificate provider or use your
enterprise PKI infrastructure if you have one. If you plan to purchase a certificate, skip
the following “Using your enterprise certificate authority to issue a certificate” section
and go to a domain registrar such as Go Daddy to purchase the certificate.
8. Enter the federation service FQDN in your external DNS because Office 365 will need
to resolve the federation service to your AD FS server farm or proxy farm.
Using your enterprise certificate authority to issue a certificate
If you purchased your certificate from a third-party provider, you can skip this section.
Otherwise, follow these steps to have your certificate server issue you a certificate:
1. From your enterprise CA server, click Start, All Programs, and Accessories. Right-click
Command Prompt and select Run as administrator.
2. In the Command Prompt window, enter the following command:
certreq -submit -attrib "CertificateTemplate:WebServer" <path and file name of
Certificate Request file>
As shown in Figure 3-23, we issued the command and used Request.txt because that is the
file name we used when we generated the certificate request earlier.
Figure 3-23 Using the certreq command on the CA server to issue a certificate.
Installing the certificate on IIS
Regardless of whether you purchased a certificate from a domain registrar or had your CA
issue it, you should now have in your possession a certificate file, which usually has a .cer
extension as part of the file name. Follow these steps to install the certificate on your IIS
1. On the AD FS server, start IIS Manager.