deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
ab06f49bb33e70a5d304851b12d270189f85c3d1
windows-itpro-docs/windows/security/identity-protection/hello-for-business/includes/web-server-certificate-template.md
Paolo Matarazzo 510419f1cb removed expandable sections
2023-01-23 05:45:38 -05:00

39 lines
2.0 KiB
Markdown
Raw Blame History

---
ms.date: 01/23/2023
ms.topic: include
---
### Configure an internal web server certificate template
Windows clients communicate with AD FS via HTTPS. To meet this need, a *server authentication* certificate must be issued to all the nodes in the AD FS farm. On-premises deployments can use a *server authentication* certificate issued by the enterprise PKI. A *server authentication* certificate template must be configured, so the AD FS nodes can request a certificate.
Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
1. Open the **Certification Authority** management console
1. Right-click **Certificate Templates** and select **Manage**
1. In the **Certificate Template Console**, right-click the **Web Server** template in the details pane and select **Duplicate Template**
1. On the **Compatibility** tab:
- Clear the **Show resulting changes** check box
- Select **Windows Server 2016** from the **Certification Authority** list
- Select **Windows 10 / Windows Server 2016** from the **Certificate Recipient** list
1. On the **General** tab:
- Type *Internal Web Server* in **Template display name**
- Adjust the validity and renewal period to meet your enterprise's needs
> [!NOTE]
> If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
1. On the **Request Handling** tab, select **Allow private key to be exported**
1. On the **Subject** tab, select the **Supply in the request** button if it isn't already selected
1. On the **Security** tab:
- Select **Add**
- Type **Domain Computers** in the **Enter the object names to select** box
- Select **OK**
- Select the **Allow** check box next to the **Enroll** permission
1. On the **Cryptography** tab:
- Select **Key Storage Provider** from the **Provider Category** list
- Select **RSA** from the **Algorithm name** list
- Type *2048* in the **Minimum key size** text box
- Select **SHA256** from the **Request hash** list
- Select **OK**
1. Close the console
Reference in New Issue View Git Blame Copy Permalink