Change the client authentication certificate that a federation server proxy uses

Applies To: Windows Server 2003 R2

In Active Directory Federation Services (ADFS), the federation server proxy uses a client authentication certificate to communicate securely with the federation server. If you have installed a new client authentication certificate on a federation server proxy and you want that certificate to be used, you will need to select that certificate in ADFS.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the client authentication certificate on a federation server proxy

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Federation Service Proxy, and then click Properties.

  3. On the General tab, under FSP client authentication certificate, click Select.

  4. In the Select Certificate dialog box, click the client authentication certificate that you want to use, and then click OK.

  5. In the Federation Service Proxy Properties dialog box, click OK.

  6. If the certificate is not trusted by any of the trusted root certification authorities, then after you click OK a Federation Service message box appears, stating: "The Federation Service is running as an account that does not have access to the certificate private key. Do you want to grant permission to this account to read the private key?" Click Yes so that the certificate is trusted.

  7. On the General tab, under Token-signing certificate, click View to check that the selected certificate is being used.
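Step 6 hinges on whether the account the Federation Service Proxy runs as can read the selected certificate's private key. The following added check (not part of the original article) locates the certificate by thumbprint and inspects the ACL on its key file; it assumes PowerShell is installed on the proxy, that the key is an RSA key kept by a CSP in the machine key store, and that `$Thumbprint` and `$ServiceAccount` are placeholders you replace with your own values.

```powershell
# Added example: verify that the proxy's service account can read the
# private key of the client authentication certificate. Assumptions:
# PowerShell is available, the key is an RSA CSP key in the machine key
# store, and the two values below are replaced for your environment.
$Thumbprint     = 'REPLACE-WITH-CERT-THUMBPRINT'     # placeholder
$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'     # assumed identity; adjust

# Locate the client authentication certificate in the machine Personal store.
$wanted = $Thumbprint.Replace(' ', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; the proxy cannot use it." }

# Resolve the key container file. RSA CSP machine keys live under the common
# application data folder (Application Data on Windows Server 2003).
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
                       "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# The service account needs at least Read (all Read bits) on the key file.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl $keyFile
$grant = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $read) -eq $read)
}

if ($grant) {
    "OK: $ServiceAccount can read the private key for $($cert.Subject)."
} else {
    "MISSING: $ServiceAccount has no Read access on the private key for $($cert.Subject)."
    "Current entries on $keyFile :"
    $acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
}
```

Run it as a member of the local Administrators group, as the procedure requires, since reading the key file's ACL itself needs that access; a MISSING result means you should expect the step 6 prompt and answer Yes.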