ms.date | ms.topic |
---|---|
01/23/2023 | include |
Configure an internal web server certificate template
Windows clients communicate with AD FS via HTTPS. To meet this need, a server authentication certificate must be issued to all the nodes in the AD FS farm. On-premises deployments can use a server authentication certificate issued by the enterprise PKI. A server authentication certificate template must be configured, so the AD FS nodes can request a certificate.
Sign in to a CA or management workstation with Domain Administrator equivalent credentials.
- Open the Certification Authority management console
- Right-click Certificate Templates and select Manage
- In the Certificate Template Console, right-click the Web Server template in the details pane and select Duplicate Template
- On the Compatibility tab:
  - Clear the Show resulting changes check box
  - Select Windows Server 2016 from the Certification Authority list
  - Select Windows 10 / Windows Server 2016 from the Certificate Recipient list
- On the General tab:
  - Type Internal Web Server in Template display name
  - Adjust the validity and renewal period to meet your enterprise's needs
Note
If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
- On the Request Handling tab, select Allow private key to be exported
- On the Subject tab, select the Supply in the request button if it isn't already selected
- On the Security tab:
  - Select Add
  - Type Domain Computers in the Enter the object names to select box
  - Select OK
  - Select the Allow check box next to the Enroll permission
- On the Cryptography tab:
  - Select Key Storage Provider from the Provider Category list
  - Select RSA from the Algorithm name list
  - Type 2048 in the Minimum key size text box
  - Select SHA256 from the Request hash list
- Select OK
- Close the console
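
To confirm that the duplicated template carries the settings chosen in the steps above, the following added example (not part of the original page or of Microsoft's tooling) evaluates a template's Active Directory attributes against them. The function name `Test-InternalWebServerTemplate` and the sample object are hypothetical; the attribute names and flag values are the ones Active Directory uses for certificate templates (MS-CRTD).

```powershell
# Added example: compare a certificate template's AD attributes with the settings
# selected in the procedure. Function name and sample object are hypothetical.
$ENROLLEE_SUPPLIES_SUBJECT = 0x00000001          # msPKI-Certificate-Name-Flag: "Supply in the request"
$EXPORTABLE_KEY            = 0x00000010          # msPKI-Private-Key-Flag: "Allow private key to be exported"
$SERVER_AUTH_EKU           = '1.3.6.1.5.5.7.3.1' # Server Authentication

function Test-InternalWebServerTemplate {
    param([Parameter(Mandatory)] $Template)

    # Each entry maps a setting from the procedure to a boolean result.
    $checks = [ordered]@{
        'Display name is Internal Web Server' = $Template.displayName -eq 'Internal Web Server'
        'Subject supplied in the request'     = ($Template.'msPKI-Certificate-Name-Flag' -band $ENROLLEE_SUPPLIES_SUBJECT) -ne 0
        'Private key exportable'              = ($Template.'msPKI-Private-Key-Flag' -band $EXPORTABLE_KEY) -ne 0
        'Minimum key size is 2048 or larger'  = [int]$Template.'msPKI-Minimal-Key-Size' -ge 2048
        'Server Authentication EKU present'   = @($Template.pKIExtendedKeyUsage) -contains $SERVER_AUTH_EKU
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name] }
    }
}

# Constructed sample standing in for one template object (not real directory data).
$sample = [pscustomobject]@{
    displayName                   = 'Internal Web Server'
    'msPKI-Certificate-Name-Flag' = 1
    'msPKI-Private-Key-Flag'      = 16
    'msPKI-Minimal-Key-Size'      = 2048
    pKIExtendedKeyUsage           = @('1.3.6.1.5.5.7.3.1')
}
Test-InternalWebServerTemplate -Template $sample | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# $base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$((Get-ADRootDSE).configurationNamingContext)"
# Get-ADObject -SearchBase $base -Filter "displayName -eq 'Internal Web Server'" -Properties * |
#     ForEach-Object { Test-InternalWebServerTemplate -Template $_ }
```

The Enroll permission granted to Domain Computers is stored in the template object's ACL and is not covered by these attribute checks.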