Procedure for requesting an x.509 federation certificate from a CA?
Hi,
I'm trying to federate our Exchange 2010 environment with another company that is also running Exchange 2010 and I'm a little confused. After reading through TechNet and some other resources it looks like I need to get a x.509 certificate from
a 3rd party CA trusted by Windows Live Domain Services. When I go through the wizard in the EMC to generate a new CSR and check off "Use this Certificate for Federated Delegation" I end up with a self signed certificate. What is the procedure for
obtaining the certificate when I don't have a CSR to present to our CA?
Thanks in advance,
-j
August 14th, 2011 11:17pm
You can use your existing 3rd party Cert that you are using already for other 2010 IIS services or create a self-signed exclusively for federation.
http://technet.microsoft.com/en-us/library/dd335047.aspx#certreq
If you use a valid 3rd party CA cert, then the New-FederationTrust command allows you to specify the thumb print of the cert.
http://technet.microsoft.com/en-us/library/dd351047.aspx
Free Windows Admin Tool Kit Click here and download it now
August 15th, 2011 1:20am
Hi jraynes,
Any updates on this issue?
Andy is right, you can just using the third party certificate or a self-signed certificate.
Thanks,
Evan
August 17th, 2011 10:23am