This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 15%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Hi,
I would just like to ask this question in setting up nlb for adfs regarding the certificate.
How should the certificate be created? Like should adfs01 and adfs02 each have certificate issued to them by the root CA but with an additional entry in the SAN for the FQDN of the NLB cluster name?
example:
certificate SAN of adfs01
DNS=adfs01.comp.com
DNS=adfsnlb.comp.com
certificate SAN of adfs02
DNS=adfs02.comp.com
DNS=adfsnlb.comp.com
ADFS is agnostic of the load balancer situation/configuration.
You need a certificate for the FQDN of your ADFS farm. You do not need the FQDN of the nodes. You can also use a wildcard certificate such as *.comp.com. Note that if you are considering using certificate authentication, you should also include certauth.comp.com in the SAN.