Certificates used by federation server proxies
Applies To: Windows Server 2003 R2
SSL client authentication certificates
Each federation server proxy uses a Secure Sockets Layer (SSL) client authentication certificate to authenticate to the Federation Service. Any certificate with client authentication extended key usage (EKU) can be used as a federation server proxy client authentication certificate. A copy of the federation server proxy client authentication certificate is stored both on the federation server proxy and in the trust policy of the federation server. However, only the federation server proxy stores the private key that is associated with the federation server proxy client authentication certificate.
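The following check is an added example, not part of the original documentation. It finds certificates on the proxy that carry the client authentication EKU and a private key, then writes a public-only copy for the federation server's trust policy. It assumes Windows PowerShell 2.0 or later is installed, that the certificate is in the local computer's Personal store, and a hypothetical output folder.

```powershell
# Added example. Assumptions: certificate is in LocalMachine\My, and
# C:\Temp\proxy-cert is a hypothetical output folder.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$StorePath     = 'Cert:\LocalMachine\My'
$ExportDir     = 'C:\Temp\proxy-cert'

function Test-ClientAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $ClientAuthOid) { return $true }
            }
        }
    }
    # Certificates without an explicit client authentication EKU are skipped.
    return $false
}

$now = Get-Date
$candidates = @(Get-ChildItem $StorePath | Where-Object {
    (Test-ClientAuthEku $_) -and $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
})

if ($candidates.Count -eq 0) {
    Write-Warning "No usable client authentication certificate in $StorePath"
}
else {
    if (-not (Test-Path $ExportDir)) {
        New-Item -ItemType Directory -Path $ExportDir | Out-Null
    }
    foreach ($cert in $candidates) {
        # Content type 'Cert' writes only the DER-encoded certificate, so the
        # private key stays on the federation server proxy.
        $file = Join-Path $ExportDir ($cert.Thumbprint + '.cer')
        [System.IO.File]::WriteAllBytes($file, $cert.Export('Cert'))
        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            PublicCopy = $file
        }
    }
}
```

Comparing the thumbprint reported here with the copy held in the trust policy confirms that both sides refer to the same certificate.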
SSL server authentication certificates
The federation server proxy uses SSL server authentication certificates to secure Web services traffic for communication with Web clients. These certificates are requested and installed through the Internet Information Services (IIS) snap-in.
For more information about certificates, see Public Key Infrastructure for Windows Server 2003 on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=19936).