SSL Certificate Issue

Hello Team,


I am having a problem completing the ADFS setup. Please assist.

On the AD FS server everything went well. However, on the proxy server the certificate is causing an issue. Here is what I did.


- Ran adfs setup for Proxy Installation
- After completing the setup, I imported the self-signed certificate we used in ADFS Server.
- Created binding in IIS

** While doing the binding, I got an error saying "One or more intermediate certificate in the certificate chain are missing. To resolve the issue, make sure that all of the intermediate certificates are installed."

** When I ran the TEST CONNECTION in the Proxy Configuration Wizard, it says "There is a problem with the SSL certificate of the specified Federation Service."




Verified Answer
  • You can't use self-signed certificates for SSO; it has to be a publicly issued certificate. Take a look here for further information:

    onlinehelp.microsoft.com/.../ff652539.aspx

    Thanks,

    1 out of 1 people found this post helpful.

All Replies
  • Where did you get your certificate from? Did they supply you with an intermediate certificate to install? For example, we got ours from GoDaddy, and they supply you with two certificates - their intermediate cert, and the actual SSL cert. You have to install the intermediate cert first following these instructions: support.godaddy.com/.../installing-an-ssl-certificate-in-microsoft-iis-7

  • This is not issued by any public CA. It is a self-signed certificate issued by ourselves.

  • Hi NivilTL,

    Thanks for Jorge's response. Do you have any other questions?

    Best Regards,

    Evan Zhang

  • Thank you!

    One last question: in our case, it is not affordable to use a public CA while testing. Is there a workaround so I can get the rich clients working (OWA is fine)? I am already in touch with Jorge on this. Let me know if you have any input. I have seen in a forum entry that it is possible to get the rich clients to work even if you use the internal CA.

  • Hi NivilTL,

    As per the deployment guide (outlined in Jorge’s posting), the public CA is required for the deployment. Then, the self-signed certificate has to be a publicly issued certificate, which means that with the self-signed certificate, you can’t get the rich clients to work outside your local AD environment; however, they would be able to work within your local AD.

    Best Regards,

    Evan Zhang

  • Hi NivilTL,

    How are things going? In addition, do you have any further questions? If so, please feel free to respond.

    Thanks,

    Evan Zhang

  • Actually, it is possible to use a self-signed cert. Your certificate server/authority just has to be available to validate the certificate. Once you accept the certificate and install it on your client, OWA and ActiveSync will work properly; you just have to manually get the certificate into the trusted root of IE.

  • Hi GeorgePR,

    You can use a self-signed certificate for the AD FS service. But you can’t use this certificate for the rich client and Outlook service, as the sign-in process will check the certificate status.

    Thanks,

    Ray Yang
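
The two errors in the question (missing intermediates at binding time, and the proxy wizard rejecting the Federation Service certificate) both come from how Windows builds and validates the certificate chain. The following is an added example, not code from any poster in this thread, showing how to inspect that chain on the proxy or AD FS server; `Test-CertChainTrust` is a hypothetical helper name, and the thumbprint and store path are assumptions to replace with your own.

```powershell
# Added example (not from the thread). Test-CertChainTrust is a hypothetical
# helper name; the thumbprint passed to it is a placeholder you replace.
function Test-CertChainTrust {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        # Assumption: the certificate was imported into the machine Personal store
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert) { throw "No certificate $Thumbprint in $StorePath" }

    # $true = build the chain in machine context, as a service such as IIS would
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'Online'   # also check CRL/OCSP reachability
    $trusted = $chain.Build($cert)

    # Translate the chain flags most relevant to the errors in the question
    $findings = foreach ($s in $chain.ChainStatus) {
        switch ($s.Status.ToString()) {
            'PartialChain'            { 'Issuer not found: an intermediate (or root) certificate is missing from the store' }
            'UntrustedRoot'           { 'Chain ends in a root that is not in Trusted Root Certification Authorities' }
            'RevocationStatusUnknown' { 'Revocation endpoint of the issuing CA could not be checked' }
            'NotTimeValid'            { 'A certificate in the chain is expired or not yet valid' }
            default                   { "$($s.Status): $($s.StatusInformation.Trim())" }
        }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # heuristic: subject equals issuer
        Trusted    = $trusted
        ChainPath  = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        Findings   = @($findings)
    }
}

# Usage with a placeholder thumbprint:
# Test-CertChainTrust -Thumbprint '<CERT-THUMBPRINT>' | Format-List
```

Running it on both the proxy and a client shows whether trust differs between machines: a certificate from an internal or self-signed issuer reports `UntrustedRoot` anywhere the issuing root has not been installed.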