SSL Certificate requirement for ADFS

MSguyKunal 1 Reputation point
2021-10-04T08:00:44.157+00:00

Hi,

I am completely a beginner at ADFS setup and have deployment queries.
We have a single Active Directory environment (abc.com). In this environment, we have users whose logon names have different suffixes, like user@jaswant.com / user@xyz.com / etc. We are deploying one ADFS farm with 2 ADFS servers, and there are 2 Web Application Proxy servers deployed to forward requests to the ADFS servers. The application is hosted outside the network, and users will log in with their email addresses.

Now, do I need a different ADFS certificate for each suffix, or a single wildcard certificate for the primary Active Directory forest domain abc.com?

Need help on the same.


1 answer

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2021-10-06T01:14:13.377+00:00

    The requirement of the suffixes being in the certificate is solely for ADFS Device Registration (which, let's say it, is very rarely used nowadays, as Azure AD joined and Hybrid Azure AD joined are the preferred way for registration, and these do not leverage ADFS Device Registration). So unless you want to use that feature, you can use whatever name you want for your ADFS server as long as the name can be resolved both externally and internally (they will have to resolve to different IP addresses, but that's a different topic; do ask if you need more info on that though). Just to be clear, if your users are in abc.com and xyz.com you can absolutely use def.net for your ADFS (so something like fs.def.net for the FQDN of the farm).

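A small check for the point made in the answer above, added here as an example (it is not from the thread or from Microsoft): given the farm's federation service name, the UPN suffixes in the forest and the SAN list of a candidate certificate, it reports which names the certificate does not cover. It assumes that the federation service name itself must be on the certificate and that Device Registration needs `enterpriseregistration.<upn suffix>` for every suffix; the domain names and SAN lists used are constructed for illustration.

```python
"""Does a candidate SSL certificate cover what an AD FS farm needs?

Hypothetical helper, not part of the original thread. Assumptions:
- the federation service name (e.g. fs.def.net) must be a SAN on the cert;
- only when AD FS Device Registration is enabled does the cert also need
  'enterpriseregistration.<suffix>' for every UPN suffix in the forest;
- a wildcard SAN ('*.abc.com') covers exactly one leftmost label, so it
  covers fs.abc.com but neither fs.xyz.com nor sub.fs.abc.com.
"""


def required_names(fs_name, upn_suffixes, device_registration=False):
    """Return the set of DNS names the AD FS SSL certificate must cover."""
    names = {fs_name.lower()}
    if device_registration:
        for suffix in upn_suffixes:
            names.add(f"enterpriseregistration.{suffix.lower()}")
    return names


def name_matches(san, host):
    """Match one SAN entry against a host name; '*' covers a single label."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    san_labels = san.split(".")[1:]
    host_labels = host.split(".")
    return len(host_labels) == len(san_labels) + 1 and host_labels[1:] == san_labels


def missing_names(cert_sans, fs_name, upn_suffixes, device_registration=False):
    """List the required names that no SAN on the certificate covers."""
    needed = required_names(fs_name, upn_suffixes, device_registration)
    return sorted(n for n in needed
                  if not any(name_matches(s, n) for s in cert_sans))


if __name__ == "__main__":
    # Constructed scenario from the question: one forest, several UPN suffixes,
    # and a wildcard certificate for the forest root domain only.
    suffixes = ["abc.com", "xyz.com", "jaswant.com"]
    wildcard = ["*.abc.com"]
    print("no DRS :", missing_names(wildcard, "fs.abc.com", suffixes))
    print("with DRS:", missing_names(wildcard, "fs.abc.com", suffixes, True))
    # A farm name outside every UPN suffix is fine when DRS is not used.
    print("def.net :", missing_names(["fs.def.net"], "fs.def.net", suffixes))
```

Without Device Registration the wildcard for abc.com is enough; with it, the certificate is missing the enterpriseregistration names for the other suffixes, which is exactly the case the answer says is the only one where the suffixes matter.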