I want to know if it's possible to set up ADFS on a domain controller without having to use an SSL certificate, and if you must use one, is it possible to have one created/validated for free?
1 Answer
SSL certificates are required for ADFS. While I have not tried these routes, you can use a self-signed certificate (not recommended), a certificate generated by your own Windows CA, or one from Let's Encrypt (free). Avoiding self-signed certificates is the way to go due to the security implications, but you will need to establish a way to rotate certificates when they expire. Let's Encrypt will force you to rotate them often due to the nature of the service, so it may be less ideal.
Keep in mind that if you're integrating with other services such as 365, they'll have to trust whatever you use to generate them, which is why a public CA is recommended. At a minimum you'll want the cert to be valid for your ADFS URL (fs.mydomain.com), and if you're using workplace join you'll also want to have certauth.fs.mydomain.com as a subject alternative name.

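The answer above lists what the certificate must cover (the federation service name plus the certauth SAN, issued by a CA your relying parties trust, not yet near expiry). Below is an added PowerShell example, written for this page and not taken from the answer or from Microsoft's documentation, that checks a certificate in the local machine store against those requirements before binding it to ADFS. The host names fs.mydomain.com and certauth.fs.mydomain.com are the placeholders from the answer; the function names, the 30-day expiry margin, and the trailing binding commands (commented out) are this example's own choices, and the script assumes it is run elevated on the ADFS server.

```powershell
# Added example, not part of the original answer.
# Checks that a certificate in Cert:\LocalMachine\My covers the ADFS federation
# service name and the certauth SAN used by workplace join / device certificate
# authentication, has a private key, chains to a trusted root, and is not about
# to expire. Host names below are the answer's placeholders; change them.

$FederationName = 'fs.mydomain.com'
$RequiredNames  = @($FederationName, "certauth.$FederationName")

function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $names = @()
    # Subject Alternative Name extension (OID 2.5.29.17). Format($true) returns one
    # entry per line, e.g. "DNS Name=fs.mydomain.com" on an English locale; the label
    # text is locale dependent, so adjust the regex if your system language differs.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @(($san.Format($true) -split "`r?`n") |
            ForEach-Object { if ($_ -match 'DNS Name=(.+)$') { $Matches[1].Trim() } })
    }
    # Fall back to the subject CN for certificates without a SAN extension.
    $cn = $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names += $cn }
    return @($names | Select-Object -Unique)
}

function Test-AdfsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string[]]$Names
    )
    $problems = @()
    $dns = Get-CertificateDnsNames -Certificate $Certificate
    foreach ($n in $Names) {
        if ($dns -notcontains $n) { $problems += "missing name: $n" }
    }
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key in this store' }
    # 30 days is an arbitrary rotation margin chosen for this example.
    if ($Certificate.NotAfter -lt (Get-Date).AddDays(30)) {
        $problems += "expires $($Certificate.NotAfter)"
    }
    # Issuer == Subject means self-signed: ADFS will bind it, but relying parties
    # such as 365 have no reason to trust it.
    if ($Certificate.Subject -eq $Certificate.Issuer) {
        $problems += 'self-signed (relying parties will not trust it)'
    }
    # Chain build against this machine's trusted roots catches a private CA root
    # that was never distributed, and revoked or expired intermediates.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($Certificate)) {
        $problems += @($chain.ChainStatus | ForEach-Object { "chain: $($_.StatusInformation.Trim())" })
    }
    return $problems
}

# Evaluate every certificate in the machine store that names the federation service.
$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { (Get-CertificateDnsNames -Certificate $_) -contains $FederationName }

foreach ($cert in $candidates) {
    $issues = @(Test-AdfsCertificate -Certificate $cert -Names $RequiredNames)
    if ($issues.Count -eq 0) {
        Write-Host "OK  $($cert.Thumbprint)  $($cert.Subject)  valid until $($cert.NotAfter)"
    } else {
        Write-Host "BAD $($cert.Thumbprint)  $($cert.Subject)"
        $issues | ForEach-Object { Write-Host "    $_" }
    }
}

# Once a certificate reports OK, bind it. The SSL certificate is what browsers and
# clients hit over HTTPS; the service-communications certificate is what the ADFS
# service itself presents. Both normally use the same certificate.
# $thumb = '<thumbprint of the OK certificate above>'
# Set-AdfsSslCertificate -Thumbprint $thumb
# Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumb
# Restart-Service adfssrv
```

Run the check again before each rotation (with Let's Encrypt that is every few weeks), and keep in mind that the script only verifies what this machine trusts; a certificate from your own Windows CA will pass the chain test here and still fail at a relying party that never received that CA's root.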