Managing Verification Certificates

Applies To: Windows Server 2003 R2

Servers that are running the Federation Service component of Active Directory Federation Services (ADFS) in a resource Federation Service require verification certificates to validate the security tokens that are produced by any trusted federation servers, including the same federation server.

In a federated scenario, federation servers in a resource partner also re-sign certificates. Therefore, federation servers in an account resource partner must also have verification certificates for certificates that are signed by resource federation servers.

You can add, remove, and view these certificates as needed.

Task requirements

You need the following to perform the procedures for this task:

  • A federated ADFS deployment

  • An exported token-signing certificate

  • The Active Directory Federation Services snap-in

To complete this task, perform the following procedures on an as-needed basis:

See Also

Concepts

Managing Token-signing Certificates
Rolling Over a Token-signing Certificate