Re: ADFS Token-signing Certs Not in Trusted Root Store
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 Oct 2006 12:04:07 -0500
I have not had this problem. Our token signing certs are issued from a CA
that chains up to a standard Windows trusted root though.
How is your certificate issued?
The thing we can never get to work is CRL verification. For whatever
reason, we cannot get all of the CAs in the chain to verify properly, so we
end up having to disable CRL verification in the trust policy manually.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Susieber" <Susieber@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:50E66143-35F8-42BD-A4FD-946EB77C65AD@xxxxxxxxxxxxxxxx
Each time I run Active Directory Federation Services setup in one of our labs
I run into this problem: the token-signing certificate created by ADFS setup
on each federation server is not trusted by the root. In other words, if you
run the ADFS mmc, right-click on Federation Service, click Properties, and
click the View button, you'll see that the certificate is not trusted.
So each time I set up ADFS, I manually import this certificate into the
Trusted Root Authorities store on each federation server.
Anyone else having to do this? Looks like a bug to me but I wanted to check
here first.
Susie