Wednesday, September 09, 2015

ADFS : Self-signed certificates

If you do any work for ADFS, you'll know that these are a PIA.

You can use IIS but they are only valid for a year and ADFS no longer uses IIS in Server 2012 R2 so it's more effort to install.

There is always makecert but you have to jump through some hoops.

Then I came across this article:

Creating Self Signed Certificates with PowerShell

Fantastic - problem solved.

So the next time I did an install, I used it.

DAMN - ADFS rejects it because ADFS does not like CNG certificates (i.e. Certificate Next Generation).

Oh well - back to SelfSSL7.

Enjoy!

2 comments:

Jorge de Almeida Pinto said...

have you seen:
https://jorgequestforknowledge.wordpress.com/2015/05/23/generating-self-signed-certificates-for-testing-purposes/

nzpcmad said...

Thanks @jorge.

Always good to fill in the gaps!