

This wildcard certificate cannot be used for the website .

Certificates can be subject alternative name (SAN) certificates.

A wildcard certificate with the subject name *. can be used for web applications in the domain, for example, and.

The certificate must be imported directly into the personal store.

Certificates can have wildcards in the name.

The common name of the certificate should match the name that you configure for the external URL of the published web application, or the federation service name.

For the Enhanced Key Usage field, use the Server Authentication object identifier (OID).

For the CRL Distribution Points field, specify a CRL distribution point that is accessible by client devices that are connected to the Internet.

Make sure that the website certificate used for server authentication meets the following requirements:

The certificate can be based on the certificate template created in Configure certificate templates.

A certificate revocation list (CRL) distribution point that is reachable from a publicly resolvable FQDN.

The certificate subject should be an externally resolvable FQDN that is reachable from the Internet.

Private - The following are required, if they do not already exist:

A website certificate used for server authentication.

If the certificate subject is not a wildcard, it must be the externally resolvable fully qualified domain name (FQDN) URL that you configure on the Web Application Proxy server for the application.

For these required certificates, there are two options for the issuing CA:

A website certificate used for server authentication.

In a Web Application Proxy deployment you require certificates for the published web applications, and for the AD FS proxy if your deployment provides AD FS proxy functionality.

On the internal CA, create a certificate template as described in Creating Certificate Templates.

Deploy the certificate template as described in Deploying Certificate Templates.
and enterpriseregistration.

A wildcard certificate, a subject alternative name (SAN) certificate, several SAN certificates, or several certificates whose subjects cover each web application.

A copy of the certificate issued to external servers when using client certificate preauthentication.

Depending on your deployment and authentication requirements, you might require additional certificate templates on your internal certification authority (CA).

If you want to use Workplace Join, the certificate must also contain the following subject alternative names (SANs).

Web Application Proxy servers require the following certificates in the certificate store on each Web Application Proxy server:

A certificate whose subject covers the federation service name.
This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described.
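
An added example, not taken from the original topic, that checks each certificate in the local computer's personal store against the requirements listed above: the name covers the external URL (a wildcard stands for one leftmost label only), the Enhanced Key Usage includes the Server Authentication OID, and a CRL distribution point is present. The name `app.example.com` and the helper `Test-NameCoversHost` are constructed for illustration.

```powershell
# Added example. $ExternalFqdn is a constructed value: replace it with the
# external URL host name configured for the published web application.
$ExternalFqdn  = 'app.example.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$CdpOid        = '2.5.29.31'           # CRL Distribution Points extension

# Hypothetical helper: does a certificate name cover the given host name?
function Test-NameCoversHost {
    param([string]$CertName, [string]$HostName)
    if ($CertName -eq $HostName) { return $true }      # -eq ignores case
    if ($CertName.StartsWith('*.')) {
        # "*.example.com" covers "app.example.com" but not
        # "app.internal.example.com": the wildcard is a single label.
        $suffix = $CertName.Substring(1)               # ".example.com"
        if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
            $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
            return ($label.Length -gt 0 -and -not $label.Contains('.'))
        }
    }
    return $false
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # DnsNameList is added by the PowerShell certificate provider and holds
    # the SAN DNS names, or the subject common name when there is no SAN.
    $names  = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $covers = [bool]($names | Where-Object { Test-NameCoversHost $_ $ExternalFqdn })
    $eku    = [bool]($cert.EnhancedKeyUsageList |
                     Where-Object { $_.ObjectId -eq $ServerAuthOid })
    $cdp    = $cert.Extensions | Where-Object { $_.Oid.Value -eq $CdpOid }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Names         = $names -join ', '
        CoversName    = $covers
        ServerAuthEku = $eku
        # Printed for review only: whether the URL is reachable from the
        # Internet has to be tested from an external client.
        CrlDistPoints = if ($cdp) { $cdp.Format($false) } else { $null }
    }
}
```

A certificate that shows `CoversName` or `ServerAuthEku` as `False`, or an empty `CrlDistPoints`, does not meet the requirements listed above for the name being checked.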
