AD FS 2.0 Basics

Configuring the Token-Decrypting Certificate

  1. Open the AD FS 2.0 Management tool and click Start > Administrative Tools > AD FS 2.0 Management.

  2. In the left pane, expand the Service folder and click Certificates.

  3. In the Certificates section, select Add Token-Decrypting Certificate.

  4. (Conditional) If you see an error prompting you to run certain commands during the token-decrypting process, run the following PowerShell commands:

    Add-PSSnapin Microsoft.Adfs.PowerShell

    Set-ADFSProperties -AutoCertificateRollover $false

    These commands allow you to select other certificates. The certificate must be installed on the server. The certificates are configured on the IIS Manager.

  5. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.

  6. Click ServerName.

  7. Click Server Certificates in the IIS section.

Adding CA Certificates to AD FS 2.0

  1. In Windows, Start > Run > mmc.

  2. Attach snapshot certificates as service.

  3. Select AD FS.

  4. Import the CA certificate to trusted authorities.