Understanding ADFS an Introduction to ADFS - Trust Considerations - Part 2
YouTube Viewers

 Published On Mar 30, 2018

In this video we prepare the lab with the certificates required for ADFS, and explain why ADFS needs these certificates and the associated trusts to operate properly. All of the certificates used in the lab are self-signed. They are made trusted by adding them to the Trusted Root Certificate Authority certificate store on the local computers.

Setup video for all of the servers:
https://www.youtube.com/edit?o=U&vide...

Command used for Server3 self-signed certificate:
New-SelfSignedCertificate -DnsName "server3.contoso.com" -CertStoreLocation "cert:\LocalMachine\My"

New-SelfSignedCertificateEx applet download:
https://gallery.technet.microsoft.com...

Command used for Server2 self-signed certificate:
New-SelfsignedCertificateEx -Subject "CN=server2.contoso.com" -EKU "Server Authentication", "Client authentication" -KeyUsage "KeyEncipherment, DigitalSignature" -AllowSMIME -Path C:\server2-PubPri.pfx -Password (ConvertTo-SecureString "password" -AsPlainText -Force) -Exportable


0:10 Introduction
0:21 Understanding the lab setup for ADFS and the role that each server will play.
1:42 Understanding the trust considerations between the application server, ADFS server, and the client.
2:32 Explanation of the servers used for this lab.
3:00 Creation of the self-signed certificate in PowerShell with the New-SelfSignedCertificate command on Server3
4:00 Export of the public key of the self-signed certificate.
5:00 Adding the public key to the Trusted Root Certificate Authority certificate store.
5:38 Import of the PowerShell module and creation of the self-signed certificate in PowerShell with the New-SelfSignedCertificateEx applet on Server2.
8:10 Import of the Public/Private key pair and the public key into the Trusted Root Certificate Authority certificate store.
9:40 Import of Server3's public certificate into the Trusted Root Certificate Authority certificate store on Server2.
10:06 Import of Server2's public certificate into the Trusted Root Certificate Authority certificate store on Server3.
10:26 Import of both Server2 and Server3's public certificate into the Trusted Root Certificate Authority certificate store on Server4.
11:26 Creation of the server3.contoso.com DNS record on Server1, the DNS server.
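
The Server3 steps from 3:00 to 5:00 (create, export the public certificate, add it to the trusted root store), written as a PowerShell script with a check at the end. This is an added example, not taken from the video; the export path, the variable names and the Test-LabCertTrust function are assumptions made for illustration, and the script must run in an elevated session.

```powershell
# Added example for the lab described above (not from the video).
# Lab use only: a self-signed certificate in the root store is trusted for everything it asserts.
$dnsName = "server3.contoso.com"
$cerPath = Join-Path $env:TEMP "server3-public.cer"   # assumed export location

# 3:00 - create the self-signed certificate (same command as in the description)
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation "cert:\LocalMachine\My"

# 4:00 - export the public certificate only; a .cer file never contains the private key
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# 5:00 - add the public certificate to the local computer's trusted root store
# (copy the .cer file to each other server and repeat this step there)
Import-Certificate -FilePath $cerPath -CertStoreLocation "cert:\LocalMachine\Root" | Out-Null

# Hypothetical helper: report whether the trust setup ended up as intended
function Test-LabCertTrust {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $DnsName
    )
    $my   = Get-ChildItem "cert:\LocalMachine\My"   | Where-Object Thumbprint -eq $Thumbprint
    $root = Get-ChildItem "cert:\LocalMachine\Root" | Where-Object Thumbprint -eq $Thumbprint

    [pscustomobject]@{
        Thumbprint         = $Thumbprint
        # The server's own copy needs the private key to terminate TLS
        KeyInPersonalStore = [bool]($my -and $my.HasPrivateKey)
        # The copy used as a trust anchor should be present
        PresentInRootStore = [bool]$root
        # Chain and name validation against the SSL policy for the expected host name
        ValidForDnsName    = [bool]($my -and (Test-Certificate -Cert $my -Policy SSL `
                                 -DNSName $DnsName -ErrorAction SilentlyContinue `
                                 -WarningAction SilentlyContinue))
        Expires            = if ($my) { $my.NotAfter } else { $null }
    }
}

Test-LabCertTrust -Thumbprint $cert.Thumbprint -DnsName $dnsName

# Inventory of self-signed entries in the root store, useful when tearing the lab down
Get-ChildItem "cert:\LocalMachine\Root" |
    Where-Object { $_.Subject -eq $_.Issuer -and $_.Subject -like "*contoso.com" } |
    Select-Object Subject, Thumbprint, NotAfter
```

All three checks should report True on Server3 once the steps have run; on Server2 and Server4 only the root-store entry is expected, since the private key stays on the server that owns the certificate.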
