Procedure for requesting an x.509 federation certificate from a CA?
Hi, I'm trying to federate our Exchange 2010 environment with another company that is also running Exchange 2010 and I'm a little confused. After reading through TechNet and some other resources it looks like I need to get a x.509 certificate from a 3rd party CA trusted by Windows Live Domain Services. When I go through the wizard in the EMC to generate a new CSR and check off "Use this Certificate for Federated Delegation" I end up with a self signed certificate. What is the procedure for obtaining the certificate when I don't have a CSR to present to our CA? Thanks in advance, -j
August 14th, 2011 4:24pm

You can use your existing 3rd party Cert that you are using already for other 2010 IIS services or create a self-signed exclusively for federation. http://technet.microsoft.com/en-us/library/dd335047.aspx#certreq If you use a valid 3rd party CA cert, then the New-FederationTrust command allows you to specify the thumb print of the cert. http://technet.microsoft.com/en-us/library/dd351047.aspx
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2011 6:26pm

Hi jraynes, Any updates on this issue? Andy is right, you can just using the third party certificate or a self-signed certificate. Thanks, Evan
August 17th, 2011 3:24am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics