Certificates used by federation server proxies

Applies To: Windows Server 2003 R2

SSL client authentication certificates

Each federation server proxy uses a Secure Sockets Layer (SSL) client authentication certificate to authenticate to the Federation Service. Any certificate with the client authentication extended key usage (EKU) can be used as a federation server proxy client authentication certificate. A copy of the federation server proxy client authentication certificate is stored both on the federation server proxy and in the trust policy of the federation server. However, only the federation server proxy stores the private key that is associated with the federation server proxy client authentication certificate.
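The following Windows PowerShell check is an added example, not part of the original documentation. It lists certificates on the proxy that carry the client authentication EKU along with whether their private key is present, and it verifies that a file exported for the federation server's trust policy contains only the certificate. The store location (Cert:\LocalMachine\My), the file path, the function names, and the availability of Windows PowerShell 2.0 or later are assumptions.

```powershell
# Added example: audit candidates for the federation server proxy client
# authentication certificate. Store location and file path are assumptions.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the client authentication EKU

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $ClientAuthOid) { return $true }
            }
        }
    }
    return $false   # no EKU extension, or client authentication not listed
}

# 1. On the federation server proxy: the chosen certificate must show
#    HasPrivateKey = True and must not be expired.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { Test-ClientAuthEku $_ } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } } |
    Format-List

# 2. Before a copy is added to the trust policy of the federation server:
#    the file must be a bare certificate, not a PFX that carries the key.
function Test-PublicCopy {
    param([string]$Path)
    $full = (Resolve-Path $Path).Path
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($full)
    if ($type -ne [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert) {
        Write-Warning "$Path has content type $type, not a bare certificate."
        return $false
    }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    return (Test-ClientAuthEku $cert) -and (-not $cert.HasPrivateKey)
}

$copy = 'C:\temp\fsp-client-auth.cer'   # hypothetical export path
if (Test-Path $copy) { Test-PublicCopy $copy }
```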

SSL server authentication certificates

The federation server proxy uses SSL server authentication certificates to secure Web services traffic for communication with Web clients. These certificates are requested and installed through the Internet Information Services (IIS) snap-in.

For more information about certificates, see Public Key Infrastructure for Windows Server 2003 on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=19936).