Generate SSL Certificate, Token Signing Certificate and Token Decryption Certificate

  1. Join the AD FS server to the domain if it is not already a member.

  2. Log on to the AD FS server as a domain administrator.

  3. Open Start > Run, type “certlm.msc” and press Enter. This opens the Certificates console for the Local Computer store.

  4. Right-click Personal, select All Tasks, then Request New Certificate.

[Figure: Certificate console]

  5. Click Next, select Active Directory Enrollment Policy and click Next again. Click the Details down arrow next to the certificate template you configured earlier, ADFSCertificateTemplate, which is listed among the available templates. If it is not listed, check that the template is published on the CA and that this server's computer account has Enroll permission on it.

[Figures: Certificate enrollment]

  6. Click Properties for the template.

  7. The Certificate Properties dialog opens. Provide the details for the certificate: on the Subject tab, the subject name (for the SSL certificate, the federation service name) and any subject alternative names; on the General tab, a friendly name that lets you tell the three certificates apart later.

  8. Click the Private Key tab and, under Cryptographic Service Provider, make sure that RSA, Utimaco CryptoServer Key Storage Provider is selected and that no Microsoft software provider is selected, so the private key is generated inside the HSM rather than on the local disk.

[Figure: Certificate properties]

  9. Click Apply, then OK.

  10. Click Enroll to enroll the SSL certificate, then click Finish.

[Figure: Certificate installation results]

If you are using smartcard authentication, the PIN pad prompts you to insert the smartcard and enter the PIN; press OK on the PIN pad to continue.

  11. Repeat steps 4 to 10 to generate the Token Signing Certificate and the Token Decryption Certificate.

[Figure: Certificate window]
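The same three enrollments can be scripted with certreq.exe instead of clicking through certlm.msc, which is useful for rebuilding a farm node or for checking afterwards that each key really was created in the HSM. The script below is an added example for this page, not Utimaco or Microsoft code; the template name and provider name are the ones the page uses, while the CA configuration string (CA01.example.com\Example-CA), the federation service name (adfs.example.com) and the subject names of the three certificates are assumptions you must replace. With smartcard authentication the PIN pad prompts during `certreq -new`, exactly as it does in the GUI.

```powershell
# Added example: scripted enrollment of the AD FS SSL, Token Signing and
# Token Decryption certificates with the key generated in the Utimaco KSP.
$CaConfig    = 'CA01.example.com\Example-CA'                  # assumption: your CA as "host\name"
$ServiceName = 'adfs.example.com'                             # assumption: federation service name
$Template    = 'ADFSCertificateTemplate'                      # template name from the page
$Provider    = 'Utimaco CryptoServer Key Storage Provider'    # KSP name from the page
$WorkDir     = Join-Path $env:TEMP 'adfs-enroll'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# The three certificates AD FS needs. Subject names are assumptions.
$Requests = @(
    @{ Name = 'SSL';             Subject = "CN=$ServiceName" },
    @{ Name = 'TokenSigning';    Subject = "CN=ADFS Signing - $ServiceName" },
    @{ Name = 'TokenDecrypting'; Subject = "CN=ADFS Encryption - $ServiceName" }
)

function Request-HsmCertificate {
    param([string]$Name, [string]$Subject)

    $inf = Join-Path $WorkDir "$Name.inf"
    $req = Join-Path $WorkDir "$Name.req"
    $cer = Join-Path $WorkDir "$Name.cer"

    # certreq INF: machine key set, non-exportable, key created by the HSM KSP
    # (the scripted equivalent of the Private Key tab in step 8).
@"
[NewRequest]
Subject = "$Subject"
FriendlyName = "ADFS $Name"
KeyAlgorithm = RSA
KeyLength = 2048
HashAlgorithm = sha256
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "$Provider"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $inf -Encoding ASCII

    # Generate the key pair in the HSM and build the CSR.
    certreq.exe -new -q $inf $req | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed for $Name" }

    # Submit to the enterprise CA, then install the issued certificate so it is
    # paired with the HSM-resident key in LocalMachine\My.
    certreq.exe -submit -q -config $CaConfig $req $cer | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed for $Name (template published and Enroll permission granted?)" }
    certreq.exe -accept -q $cer | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed for $Name" }

    # Locate the installed certificate and confirm the private key lives in the
    # Utimaco KSP, not in a Microsoft software provider.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "certificate '$Subject' not found in LocalMachine\My" }

    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyProvider = $rsa.Key.Provider.Provider    # RSACng -> CngKey -> CngProvider name
    } else {
        $keyProvider = 'legacy CryptoAPI CSP'        # a CAPI key means the KSP was not used
    }
    if ($keyProvider -ne $Provider) {
        throw "'$Subject' key is held by '$keyProvider', expected '$Provider'"
    }
    [pscustomobject]@{ Name = $Name; Thumbprint = $cert.Thumbprint; Provider = $keyProvider }
}

$Issued = foreach ($r in $Requests) { Request-HsmCertificate @r }
$Issued | Format-Table -AutoSize

# The thumbprints are what Install-AdfsFarm expects, for example:
# Install-AdfsFarm -FederationServiceName $ServiceName `
#   -CertificateThumbprint           ($Issued | Where-Object Name -eq 'SSL').Thumbprint `
#   -SigningCertificateThumbprint    ($Issued | Where-Object Name -eq 'TokenSigning').Thumbprint `
#   -DecryptionCertificateThumbprint ($Issued | Where-Object Name -eq 'TokenDecrypting').Thumbprint `
#   -ServiceAccountCredential (Get-Credential)
```

The provider check at the end is the part worth keeping even if you enroll through the GUI: a certificate whose key ended up in a Microsoft software provider looks identical in certlm.msc, and only the CNG key's provider name (or `certutil -store My <thumbprint>`, which prints a Provider line) reveals whether the signing and decryption keys are actually protected by the HSM.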