Certificate does not contain a private key when importing certificate

Tags: certificate, microsoft-dynamics-crm, sharepoint

I'm following the tutorial Configuring SharePoint 2010 and ADFS v2 End to End because I want to use single sign-on between my SharePoint and CRM 2011.

I have a SharePoint server, a CRM server and an SQL server with AD FS 2.0.

When following the tutorial mentioned above, I come to the instruction to export the certificate used by ADFS to sign the tokens it sends out.

"ADFS uses a certificate to sign the tokens it sends out."

But when I look at my certificate,

"… but there will always be ONLY one Primary token signing certificate. Click on that certificate, and then click on the View Certificate link in the right pane."

then I see that my certificate doesn't contain a private key. At first I didn't notice the difference between the screenshot in the tutorial and what I could see on my screen. But when I tried to import my certificate on the SharePoint server, I got an error saying that the certificate does not contain a private key.

How should I solve this problem? I've been trying for a long time to get this set up, but every time something else goes wrong. I hope I can finish this soon with maybe a little help here on SO 😉

Thanks!

Best Answer

ADFS uses three certificates:

  • The service communications key (normally the one used by IIS for SSL)
  • Token decrypting
  • Token signing

Only the first has a private key. The other two are created when you install ADFS.

If you look at the tutorial, you'll see:

"In this particular case I chose to use the certificate I created for SSL on the ADFS web site. I'm not suggesting that this is needed or even recommended; it's just what I chose to do. Now that you are viewing the certificate, click on the Details tab at the top of the dialog."

So what you need to do is add a token-signing certificate and choose for this purpose the SSL certificate. That way you will have a private key.

Or create your own (I use SelfSSL7) and use that. Note: not in production!

Refer to: AD FS 2.0: How to Replace the SSL, Service Communications, Token-Signing, and Token-Decrypting Certificates
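Before exporting anything, it helps to see exactly which certificates AD FS has configured for each role and whether the local store holds a private key for them. The script below is an added example, not code from the question, the answer or the linked tutorial. It assumes it runs on the AD FS 2.0 server with the `Microsoft.Adfs.PowerShell` snap-in available, and it writes only the public portion (a DER `.cer`) of the primary token-signing certificate to a path you choose; a relying party such as SharePoint verifies token signatures with the public key alone, so the private key never needs to leave the AD FS server.

```powershell
# Added example: inventory AD FS 2.0 certificates and export the public
# part of the primary token-signing certificate. Assumes the AD FS 2.0
# PowerShell snap-in is installed on this server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

# Output path for the public certificate (placeholder; adjust as needed).
$exportPath = 'C:\Temp\adfs-token-signing.cer'

# One row per configured certificate: role, primary flag, thumbprint,
# and whether this machine's store has a private key for it.
$inventory = Get-ADFSCertificate | ForEach-Object {
    $x509 = $_.Certificate   # System.Security.Cryptography.X509Certificates.X509Certificate2
    [PSCustomObject]@{
        CertificateType = $_.CertificateType
        IsPrimary       = $_.IsPrimary
        Subject         = $x509.Subject
        Thumbprint      = $x509.Thumbprint
        NotAfter        = $x509.NotAfter
        HasPrivateKey   = $x509.HasPrivateKey
    }
}
$inventory | Format-Table -AutoSize

# Pick the primary token-signing certificate, which is what the
# relying party uses to validate signatures on issued tokens.
$signing = Get-ADFSCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -First 1

if (-not $signing) {
    throw 'No primary Token-Signing certificate is configured in AD FS.'
}

# Warn if the certificate is close to expiry; an expired signing
# certificate breaks every relying party trust at once.
$daysLeft = ($signing.Certificate.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) {
    Write-Warning "Primary token-signing certificate expires in $daysLeft day(s)."
}

# Export only the public certificate (DER-encoded .cer). This works
# whether or not the private key is present or marked exportable.
$der = $signing.Certificate.Export(
    [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($exportPath, $der)

Write-Host "Exported public token-signing certificate (thumbprint $($signing.Certificate.Thumbprint)) to $exportPath"
```

Compare the thumbprint printed here with the one you see in the AD FS management console and, after importing on the SharePoint side, with the thumbprint SharePoint shows for the trusted issuer; a mismatch means the wrong certificate (for example the SSL or token-decrypting one) was picked up along the way.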