Part 2 – Export, Import and Assign the Third Party Certificate

Just like the AD FS server, we need a third party certificate on the AD FS Proxy server. The AD FS Proxy server needs the same SSL certificate that we used on the AD FS server. The best way to do this is to export the certificate from the AD FS server and then import it on the AD FS Proxy server. Once it's on the AD FS Proxy server, we can assign it to the default website, the same way we did on the AD FS server.

 

Export the AD FS Certificate from the AD FS Server

  1. Login to the AD FS server with an Administrator account

     

  2. Open the Start Screen

     

  3. Type MMC

     

  4. Open the MMC

     

  5. MMC opens

     

  6. Click File

     

  7. Click Add/Remove Snap-in

     

  8. Select Certificates

     

  9. Click Add>

     

  10. Select Computer Account

     

  11. Click Next

     

  12. Select Local Computer

     

  13. Click Finish

     

  14. Click OK

     

  15. Expand Certificates

     

  16. Expand Personal

     

  17. Select Certificates

 

***Note*** The certificate shown below is a multi-name SSL certificate for my lab environment. Your certificate should show sts.domain.com.

  1. Right Click the third party certificate

     

  2. Select All Tasks

     

  3. Select Export

     

  4. Click Next

     

  5. Yes, Export the Private Key

     

  6. Click Next

     

  7. Export in Personal Information Exchange – PKCS #12 (.PFX)

     

  8. Select Include all certificates in the certification path if possible

     

  9. Select Export all extended properties

     

  10. Click Next

     

  11. Select Password

     

  12. Enter password

     

  13. Confirm password

     

  14. Click Next

     

  15. Enter a path to save the exported certificate

     

  16. Click Next

     

  17. Click Finish

     

  18. Successful

     

  19. Copy the exported certificate to the AD FS Proxy Server

 

Import the AD FS Certificate to the AD FS Proxy Server

 

  1. Login to the AD FS Proxy server with an Administrator account

     

  2. Open the Start Screen

     

  3. Type MMC

     

  4. Open the MMC

     

  5. MMC opens

     

  6. Click File

     

  7. Click Add/Remove Snap-in

     

  8. Select Certificates

     

  9. Click Add>

     

  10. Select Computer Account

     

  11. Click Next

     

  12. Select Local Computer

     

  13. Click Finish

     

  14. Click OK

     

  15. Expand Certificates

     

  16. Expand Personal

     

  17. Right Click Certificates

     

  18. Select Import

     

     

  19. Select Local Machine

     

  20. Click Next

     

  21. Browse to the Exported Certificate

     

  22. Click Next

     

  23. Enter Password

     

  24. Mark the key as exportable

     

  25. Click Next

     

  26. Place in the Personal certificate store

     

  27. Click Next

     

  28. Click Finish

     

  29. Successful

 

Assign the Imported Certificate

 

Now that we have the third party certificate imported on the server, we need to assign and bind it to the default website (HTTPS port 443).

  1. Open Server Manager

     

  2. Click Tools

     

  3. Click Internet Information Services (IIS) Manager

     

  4. Expand the local server

     

  5. Expand Sites

     

  6. Select Default Web Site

     

  7. Click Bindings (actions pane)

     

  8. Click Add

     

  9. Change the type to HTTPS

     

  10. Select your certificate from the drop down menu.

     

    ***Note*** The certificate shown below is a multi-name SSL certificate for my lab environment. When you select your certificate, it should show sts.domain.com, which matches the completed certificate.

     

  11. Click OK

     

  12. Click Close

     

  13. Close IIS Manager
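
The same export, import and binding steps can be scripted in PowerShell. This is an added example, not part of the original walkthrough; the function names, the `C:\Temp\sts.pfx` path and the thumbprint check are assumptions, and copying the .pfx between servers still happens out of band.

```powershell
# Added example: scripted equivalent of the MMC and IIS Manager steps above.
# Run from an elevated PowerShell session on each server.
$Subject = 'sts.domain.com'        # name the post expects on the certificate
$PfxPath = 'C:\Temp\sts.pfx'       # assumed transfer path, same on both servers

# Run on the AD FS server. Returns the thumbprint of the exported certificate.
function Export-StsCertificate {
    param([Parameter(Mandatory)][securestring]$Password)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and ($_.DnsNameList.Unicode -contains $Subject) } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key for $Subject in LocalMachine\My" }
    # BuildChain = "Include all certificates in the certification path if possible";
    # extended properties are exported unless -NoProperties is given.
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password `
        -ChainOption BuildChain | Out-Null
    $cert.Thumbprint
}

# Run on the AD FS Proxy server after copying the .pfx to $PfxPath.
function Import-StsCertificate {
    param([Parameter(Mandatory)][securestring]$Password,
          [Parameter(Mandatory)][string]$ExpectedThumbprint)
    # -Exportable mirrors "Mark the key as exportable"; omit it to keep the
    # private key non-exportable on the proxy.
    Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My `
        -Password $Password -Exportable | Out-Null
    $storePath = "Cert:\LocalMachine\My\$ExpectedThumbprint"
    if (-not (Test-Path $storePath) -or -not (Get-Item $storePath).HasPrivateKey) {
        throw "Imported certificate does not match thumbprint $ExpectedThumbprint"
    }
    # Bind to the Default Web Site on HTTPS 443. AddSslCertificate fails if
    # 0.0.0.0:443 already has a certificate assigned, so remove that one first.
    Import-Module WebAdministration
    if (-not (Get-WebBinding -Name 'Default Web Site' -Protocol https -Port 443)) {
        New-WebBinding -Name 'Default Web Site' -Protocol https -Port 443
    }
    (Get-WebBinding -Name 'Default Web Site' -Protocol https -Port 443).
        AddSslCertificate($ExpectedThumbprint, 'My')
    # The .pfx holds the private key; do not leave it on disk once imported.
    Remove-Item $PfxPath -Force
}

# AD FS server:  Export-StsCertificate -Password (Read-Host -AsSecureString 'PFX password')
# AD FS Proxy:   Import-StsCertificate -Password (Read-Host -AsSecureString 'PFX password') `
#                    -ExpectedThumbprint '<thumbprint printed by the export>'
```

Once the import succeeds, delete the copy of the .pfx left on the AD FS server and on any share used for the transfer as well.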

Now that our certificates are taken care of, we can continue to the last step; completing the AD FS Proxy server setup.

 

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP
