Set a Service Communications Certificate

 

Applies To: Windows Server 2012

Federation servers in Active Directory Federation Services (AD FS) use the service communications certificate to secure Web services traffic for Secure Sockets Layer (SSL) communication with Web clients or with federation server proxies. This is the same certificate that a federation server uses as the SSL certificate in Internet Information Services (IIS).

You can use the following procedure to change the service communications certificate with the AD FS Management snap-in.

Note

The AD FS Management snap-in refers to server authentication certificates for federation servers as service communications certificates.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To set a service communications certificate

  1. On the Start screen, type AD FS Management, and then press ENTER.

  2. In the console tree, double-click Service, and then click Certificates.

  3. In the Actions pane, click the Set Service Communications Certificate link.

  4. In the Select a service communications certificate dialog box, navigate to the certificate file that you want to set as the service communications certificate, select the certificate file, and then click Open.
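After completing the procedure, you can confirm which certificate AD FS is now using and check that it is fit for SSL. The following script is an added example, not part of the original article or Microsoft's own code; the function name `Test-ServiceCommunicationsCertificate`, the 30-day warning threshold, and the assumption that the certificate and its private key are in the `LocalMachine\My` store are all illustrative.

```powershell
# Added example: audit the service communications certificate after setting it.
# Assumes an elevated session on the federation server with the ADFS module available.
Import-Module ADFS

function Test-ServiceCommunicationsCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [int] $WarnDays = 30   # hypothetical threshold; match it to your renewal policy
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $problems = @()
    $now = Get-Date

    # The service cannot terminate SSL without access to the private key.
    if (-not $Certificate.HasPrivateKey) { $problems += 'Private key not present in store' }

    if ($now -lt $Certificate.NotBefore)    { $problems += 'Not yet valid' }
    if ($now -gt $Certificate.NotAfter)     { $problems += 'Expired' }
    elseif ($Certificate.NotAfter -lt $now.AddDays($WarnDays)) {
        $problems += "Expires within $WarnDays days"
    }

    # A certificate with no EKU extension is unrestricted; only flag an EKU
    # extension that is present but omits Server Authentication.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains $serverAuthOid)) {
        $problems += 'EKU does not include Server Authentication'
    }

    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint
        Subject    = $Certificate.Subject
        NotAfter   = $Certificate.NotAfter
        Problems   = $problems
        Passed     = ($problems.Count -eq 0)
    }
}

# Read what AD FS is configured with, then inspect the matching store entry.
foreach ($entry in Get-AdfsCertificate -CertificateType Service-Communications) {
    $path = "Cert:\LocalMachine\My\$($entry.Thumbprint)"
    if (Test-Path $path) { Test-ServiceCommunicationsCertificate -Certificate (Get-Item $path) }
    else { Write-Warning "Certificate $($entry.Thumbprint) not found in LocalMachine\My" }
}
```

Compare the reported thumbprint with the certificate you selected in step 4; a mismatch means the change did not take effect on this server.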

Additional references

Checklist: Setting Up a Federation Server

Certificate Requirements for Federation Servers