adfs nlb certificate question

Janus Bariñan 1,101 Reputation points
2020-10-18T16:11:22.337+00:00

Hi,

I would just like to ask a question about the certificate when setting up NLB for AD FS.
How should the certificate be created? For example, should adfs01 and adfs02 each have a certificate issued to them by the root CA, but with an additional entry in the SAN for the FQDN of the NLB cluster name?

example:
certificate SAN of adfs01
DNS=adfs01.comp.com
DNS=adfsnlb.comp.com

certificate SAN of adfs02
DNS=adfs02.comp.com
DNS=adfsnlb.comp.com


1 answer

  1. Pierre Audonnet - MSFT 10,151 Reputation points Microsoft Employee
    2020-10-18T19:55:56.277+00:00

    ADFS is agnostic of the load balancer situation/configuration.

    You need a certificate for the FQDN of your ADFS farm. You do not need the FQDN of the nodes. You can also use a wildcard certificate such as *.comp.com. Note that if you are considering using certificate authentication, you should also include certauth.comp.com in the SAN.

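The following is an added example, not code from either participant above. It encodes the rule stated in the answer as a check an administrator can run against the SAN entries read off a certificate: the certificate must cover the farm FQDN (here adfsnlb.comp.com, from the question), node names are irrelevant, a wildcard such as *.comp.com is acceptable, and certauth.comp.com is needed when certificate authentication is planned (the name as given in the answer). Wildcard matching follows the usual RFC 6125 rule that a leading `*` matches exactly one DNS label; the SAN lists below are constructed to mirror the question and the answer.

```python
"""Check whether a certificate's SAN dNSName entries cover the names an AD FS farm needs.

Added example. Hostnames are taken from the question and answer above; the SAN lists
are constructed for illustration, not read from real certificates.
"""


def matches(san_entry: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname (case-insensitive).

    A wildcard is only honoured as a bare '*' in the leftmost label and it matches
    exactly one label, so '*.comp.com' covers 'adfsnlb.comp.com' but neither
    'comp.com' nor 'sts.eu.comp.com'.
    """
    san_entry = san_entry.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san_entry.startswith("*."):
        return san_entry == hostname
    suffix = san_entry[1:]  # '*.comp.com' -> '.comp.com'
    if not hostname.endswith(suffix):
        return False
    first_label = hostname[: -len(suffix)]
    return first_label != "" and "." not in first_label


def coverage(san_entries: list[str], required: list[str]) -> dict[str, bool]:
    """Map each required name to whether any SAN entry covers it."""
    return {name: any(matches(entry, name) for entry in san_entries) for name in required}


def missing_names(san_entries: list[str], required: list[str]) -> list[str]:
    """Required names that the certificate does not cover (empty list means the cert is usable)."""
    return [name for name, ok in coverage(san_entries, required).items() if not ok]


# Names the farm certificate must cover, per the answer above.
FARM_NAMES = ["adfsnlb.comp.com"]
FARM_NAMES_WITH_CERTAUTH = ["adfsnlb.comp.com", "certauth.comp.com"]

# Constructed SAN lists: the per-node layout from the question, a farm-only cert,
# and the wildcard the answer mentions.
NODE_CERT_ADFS01 = ["adfs01.comp.com", "adfsnlb.comp.com"]
NODE_CERT_ADFS02 = ["adfs02.comp.com", "adfsnlb.comp.com"]
FARM_ONLY_CERT = ["adfsnlb.comp.com", "certauth.comp.com"]
WILDCARD_CERT = ["*.comp.com"]

if __name__ == "__main__":
    for label, sans in [
        ("adfs01 node cert", NODE_CERT_ADFS01),
        ("adfs02 node cert", NODE_CERT_ADFS02),
        ("farm-only cert", FARM_ONLY_CERT),
        ("wildcard cert", WILDCARD_CERT),
    ]:
        print(f"{label}: missing for plain farm = {missing_names(sans, FARM_NAMES)}, "
              f"missing with cert auth = {missing_names(sans, FARM_NAMES_WITH_CERTAUTH)}")
```

Running it shows that the per-node certificates from the question do work for the farm name (the node FQDNs are simply unused), that they lack certauth.comp.com, and that either the farm-only certificate or the wildcard covers both names, which is the answer's point that one farm certificate is all that is needed.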