Add a Federation Service Proxy certificate to the trust policy

Applies To: Windows Server 2003 R2

So that the Federation Service can authenticate the federation server proxy, the public key portion of the client authentication certificate for the federation server proxy must be added to the trust policy on a federation server with which the federation server proxy communicates. You can use the following procedure to add the client authentication certificate for the federation server proxy from a file that you have exported.

Note

The Trust Policy user interface (UI) in the Active Directory Federation Services snap-in refers to client authentication certificates for federation service proxies as Federation Service Proxy (FSP) certificates.

The Federation Service Proxy certificate should chain to a trusted root in the Federation Service. Perform this procedure on a federation server that hosts the trust policy to which you want to add a Federation Service Proxy certificate.

To add a Federation Service Proxy certificate to the trust policy

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Trust Policy, and then click Properties.

  3. On the FSP Certificates tab, click Add.

  4. In the Browse for Federation Service Proxy Certificate file dialog box, navigate to the certificate file that you want to add, select the certificate file, and then click Open.

  5. In the Trust Policy Properties dialog box, click OK.
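A pre-flight check for the exported file, worth running on the federation server before step 3, as an added example that is not part of the original procedure or of Microsoft's tooling. It assumes PowerShell and the .NET Framework are available on that server; the function name `Test-FspCertificateFile` and the sample path are hypothetical. It confirms that the file carries only the public key, lists whether the Client Authentication usage is present, and builds the chain against the server's own trusted root store.

```powershell
# Added example (not from the original page). Function name and sample path are hypothetical.
function Test-FspCertificateFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication enhanced key usage
    $file = (Resolve-Path $Path).ProviderPath

    # A public-key-only export has content type Cert. Pfx/Pkcs12 means the file
    # can carry the proxy's private key and should not be handed to another server.
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($file)
    if ($type.ToString() -ne 'Cert') {
        throw "Expected a public-key-only certificate file, but content type is $type."
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Collect enhanced key usage OIDs. No EKU extension means the certificate
    # is not restricted to specific purposes.
    $ekuPresent = $false
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuPresent = $true
            $ekuOids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }

    # Build the chain with the trust stores of the machine this runs on,
    # using the default chain policy (online revocation checking).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    New-Object PSObject -Property @{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        EkuPresent       = $ekuPresent
        HasClientAuthEku = ($ekuOids -contains $clientAuthOid)
        ChainValid       = $chainOk
        ChainStatus      = ($chainStatus -join ', ')
    }
}

# Usage (hypothetical path):
# Test-FspCertificateFile -Path 'C:\Temp\fsp-proxy.cer' | Format-List
```

A file worth adding to the trust policy reports `HasPrivateKey` as False and `ChainValid` as True; any entries in `ChainStatus` name the reason the chain did not validate on this server.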

See Also

Concepts

Checklist: Installing a federation server proxy
Certificate requirements for federation server proxies