Blog Archives

AD FS Certificates Best Practices, Part 1: Hashing Algorithms

This entry is part 1 of 4 in the series AD FS Certificates Best Practices

Because Active Directory Federation Services (AD FS) relies heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice, however, that I’m not recommending that you use the strongest certificates for your Active Directory Federation Services (AD FS) implementation? You won’t hear […]


AD FS Certificates Best Practices, Part 2: Key size

This entry is part 2 of 4 in the series AD FS Certificates Best Practices

Because Active Directory Federation Services (AD FS) relies heavily on certificates, you’ll want the most straightforward SSL/TLS certificate as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice, however, that I’m not recommending that you use the strongest certificates for your Active Directory Federation Services (AD FS) implementation? You won’t hear […]


AD FS Certificates Best Practices, Part 3: Cryptographic Next Generation (CNG)-generated Private Keys

This entry is part 3 of 4 in the series AD FS Certificates Best Practices

Because Active Directory Federation Services (AD FS) relies heavily on certificates, you’ll want the most straightforward certificates as the Service Communications Certificate throughout your Active Directory Federation Services (AD FS) implementation. Notice, however, that I’m not recommending that you use the strongest certificates for your Active Directory Federation Services (AD FS) implementation… That’s right, you won’t […]


AD FS Certificates Best Practices, Part 4: Configuring the AD FS Token Signing and -Decrypting Certs for a longer lifetime

This entry is part 4 of 4 in the series AD FS Certificates Best Practices

Microsoft Active Directory Federation Services implementations typically use three certificates for their functionality: the service communication certificate, the token-signing certificate and the token-decrypting certificate. In the past three parts of this series, I’ve discussed the best practices I use when choosing the settings for my service communication certificate (request). Today, I’ll share my best practices for the token-signing certificate […]
