Export the public key portion of a client authentication certificate

Applies To: Windows Server 2003 R2

The public key portion of a client authentication certificate for the federation server proxy must be added to the trust policy on a federation server so that the Federation Service can authenticate the federation server proxy. By exporting the public key portion of the client authentication certificate, you create a file that can be imported into the trust policy. You can use the following procedure on the federation server proxy computer to export the public key portion of its client authentication certificate.

To export the public key portion of a client authentication certificate

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Federation Service Proxy, and then click Properties.

  3. On the General tab, under FSP client authentication certificate, click View.

  4. In the Certificate dialog box, click the Details tab, and then click Copy to File.

  5. On the Welcome to the Certificate Export Wizard page, click Next.

  6. On the Export Private Key page, ensure that No, do not export the private key is selected, and then click Next.

  7. On the Export File Format page, ensure that DER encoded binary X.509 (.CER) is selected, and then click Next.

  8. On the File to Export page, type or browse to the location and file name that you want to use for the exported certificate, and then click Next.

  9. On the Completing the Certificate Export Wizard page, verify that the information that you provided is accurate, and then click Finish.

  10. In the Certificate Export Wizard dialog box, click OK.

  11. In the Certificate dialog box, click OK.

  12. In the Federation Service Properties dialog box, click OK.
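Before importing the exported file into the trust policy, you can confirm that it has the shape selected in steps 6 and 7: a DER encoded X.509 certificate and not a Base-64 text file or a container that can carry a private key. The following Python check is an added example, not part of the original procedure or of any Microsoft tool; the function names and sample byte strings are constructed for illustration, and the check looks only at the outer ASN.1 structure.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length (not DER)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def classify_export(data):
    """Classify an exported file by its outer ASN.1 shape only (no signature checks)."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                      # Base-64 text, not the DER option in step 7
    try:
        tag, pos, end = read_tlv(data)
        if tag != 0x30 or end != len(data):
            return "unknown"
        children = []
        while pos < end:
            child_tag, _, pos = read_tlv(data, pos)
            children.append(child_tag)
    except ValueError:
        return "unknown"
    if children == [0x30, 0x30, 0x03]:    # tbsCertificate, signatureAlgorithm, signature
        return "der-x509"
    if children and children[0] == 0x02:  # leading INTEGER version: PFX or private-key structure
        return "pkcs12-or-key"
    return "unknown"

def _tlv(tag, value):                     # builds the constructed samples (short lengths only)
    return bytes([tag, len(value)]) + value

# Constructed byte strings with the right outer shape; they are not real certificates or keys.
SAMPLE_CERT_SHAPE = _tlv(0x30, _tlv(0x30, b"\x02\x01\x01") + _tlv(0x30, b"\x05\x00") + _tlv(0x03, b"\x00\xff"))
SAMPLE_PFX_SHAPE = _tlv(0x30, _tlv(0x02, b"\x03") + _tlv(0x30, b"\x05\x00"))
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
```

To check a real export, pass the file's bytes to `classify_export`; any result other than `der-x509` means the file should not be imported as-is.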

See Also

Concepts

Checklist: Installing a federation server proxy
Certificate requirements for federation server proxies