I am having a problem completing the ADFS setup. Please assist.
At the AD FS server everything went well. However, at the proxy server the certificate is causing some issue. Here is what I did.
- Ran adfs setup for Proxy Installation
- After completing the setup, I imported the self-signed certificate we used in ADFS Server.
- Created binding in IIS
** While doing the binding, I got an error saying "One or more intermediate certificate in the certificate chain are missing. To resolve the issue, make sure that all of the intermediate certificates are installed."
** When I ran the TEST CONNECTION at the Proxy Configuration Wizard, it said "There is a problem with the SSL certificate of the specified Federation Service".
You can't use self-signed certificates for SSO; it has to be a publicly issued certificate. Take a look here for further information:
Jorge R. Diaz
Microsoft MVP | Office 365
MCITP: Office 365 Administrator
Check out my Blog
1 out of 1 people found this post helpful.
Where did you get your certificate from? Did they supply you with an intermediate certificate to install? For example, we got ours from GoDaddy, and they supply you with two certificates - their intermediate cert, and the actual SSL cert. You have to install the intermediate cert first following these instructions: support.godaddy.com/.../installing-an-ssl-certificate-in-microsoft-iis-7
This is not issued by any public CA. It is a self-signed certificate issued by ourselves.
Thanks for Jorge's response. Do you have any other questions?
Thank you!
One last question: in our case, it is not affordable to use a public CA while testing. Is there a workaround so I can get the rich clients working (OWA is fine)? I am already in touch with Jorge on this. Let me know if you have any input. I have seen in a forum entry that it is possible to get the rich clients to work even if you use the internal CA.
As per the deployment guide (outlined in Jorge's posting), the public CA is required for the deployment. Then, the self-signed certificate has to be a publicly issued certificate, which means that with the self-signed certificate, you can't get the rich clients to work other than in your local AD environment; however, they would be able to work within your local AD.
How are things going? In addition, do you have any further questions? If so, please feel free to respond.
Actually, it is possible to use a self-signed cert; your certificate server/authority just has to be available to validate the certificate. Once you accept the certificate and install it on your client, OWA and ActiveSync will work properly. You just have to manually get the certificate into the trusted root of IE.
You can use a self-signed certificate for the AD FS service. But you can't use this certificate for the rich-client and Outlook service, as the sign-in process will check the certificate status.
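
The chain problem discussed in this thread can be inspected directly on the proxy or a client machine. The following is an added example, not part of the original thread: it builds the trust chain for a certificate the way Windows does and reports why it fails. The function name `Test-CertificateChain` and the subject `CN=sts.example.test` are hypothetical, the sample certificate is constructed in memory, and it assumes PowerShell 7 or Windows PowerShell with .NET Framework 4.7.2 or later.

```powershell
# Added example: builds the Windows trust chain for a certificate and reports the result.
function Test-CertificateChain {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    try {
        # Revocation lookups need network access; skipped so the check runs offline.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($Certificate)
        [pscustomobject]@{
            Subject     = $Certificate.Subject
            Issuer      = $Certificate.Issuer
            SelfIssued  = ($Certificate.Subject -eq $Certificate.Issuer)
            Trusted     = $trusted
            ChainLength = $chain.ChainElements.Count
            Status      = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally { $chain.Dispose() }
}

# Constructed sample: a throwaway self-signed certificate that is not in any trust store.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=sts.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1),
                              [DateTimeOffset]::Now.AddDays(30))

Test-CertificateChain -Certificate $cert | Format-List

# Reading the Status field:
#   UntrustedRoot - the chain ends in a root that is not in the trusted root store
#                   (the self-signed case in this thread).
#   PartialChain  - an issuer certificate could not be found
#                   (the "intermediate certificates are missing" case).
# To check an installed certificate instead, pass an item from Cert:\LocalMachine\My.
```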