Export (0) Print
Expand All
3 out of 5 rated this helpful - Rate this topic

Trusted Root Certification Authorities for Federation Trusts

 

Applies to: Exchange Server 2013

Topic Last Modified: 2014-02-15

To establish a federation trust between your Microsoft Exchange Server 2013 organization and the Windows Azure Active Directory authentication system, you need a digital certificate installed on the Exchange server used to create the trust. We strongly recommend using a self-signed certificate. A self-signed certificate is created and installed automatically when using the Enable federation trust wizard in the Exchange Administration Center (EAC).

If you don't want to use the recommended self-signed certificate, you should request and install an X.509 Secure Sockets Layer (SSL) certificate from a certification authority (CA) trusted by Microsoft. Although certificates issued by other CAs may also be used to establish a federation trust with the Windows Azure AD authentication system, they aren't certified by Microsoft to date.

The following table lists CAs currently trusted Microsoft. These CAs have been tested for use with Exchange 2013.

 

CA friendly name Issued by Intended purposes

Comodo

Comodo Certification Authority

Server authentication, client authentication

Digicert

Digicert Global Root Certification Authority

‎Server authentication, client authentication

Digicert High Assurance EV

Digicert Global Root Certification Authority

‎Server authentication, client authentication

Entrust

Entrust.net Secure Server Certification Authority

Server authentication, client authentication

Entrust (2048)

Entrust.net Secure Server Certification Authority

Server authentication, client authentication

Equifax

Equifax Secure Certification Authority

‎‎Server authentication, client authentication

GlobalSign

GlobalSign Certification Authority

‎Server authentication, client authentication

Go Daddy

Go Daddy Class 2 Certification Authority

‎Server authentication, client authentication

Network Solutions

Network Solutions Certification Authority

Server authentication, client authentication

PositiveSSL

Comodo Certification Authority

‎Server authentication, client authentication

SECOM

SECOM Trust Systems Certification Authority

‎Server authentication, client authentication

UTN-UserFirst-Hardware

Comodo Certification Authority

Server authentication, client authentication

VeriSign

Class 3 Public Primary Certification Authority

Server authentication, client authentication

VeriSign

VeriSign Trust Network

‎Server authentication, client authentication

For more information about certificate requirements for Federation, see Federation.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.