ADFS Cert Best Practices – unspoken


  • Hashing algorithm: SHA-256
  • Key size: 2048 bits
  • Private key generation: make sure you select the Legacy key template on domain-joined devices; it is not the default option.
  • AD FS Token Signing and Token Decrypting certificates: use a longer lifetime of 3 or 5 years
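
One way to audit an existing farm against this checklist, as an added example that is not from the original post or the referenced series. The function name `Test-AdfsCertPractice` is hypothetical, the thresholds (at least 2048 bits, at least 3 years for token certificates) are this example's reading of the list, and the Legacy key (CSP versus CNG) item is not checked.

```powershell
# Added example: audits AD FS certificates against the checklist above.
# Run in Windows PowerShell on an AD FS server (needs the ADFS module).
function Test-AdfsCertPractice {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$CertificateType = 'Unknown'
    )
    # OID of sha256WithRSAEncryption (PKCS#1 v1.5 signature with SHA-256).
    $sha256RsaOid = '1.2.840.113549.1.1.11'

    # RSA public key size; $null when the certificate does not carry an RSA key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    $keySize = if ($rsa) { $rsa.KeySize } else { $null }

    # Issued validity period in years, rounded to one decimal.
    $lifetimeYears = [math]::Round(($Certificate.NotAfter - $Certificate.NotBefore).TotalDays / 365, 1)
    $isTokenCert = $CertificateType -in 'Token-Signing', 'Token-Decrypting'

    [pscustomobject]@{
        Type          = $CertificateType
        Thumbprint    = $Certificate.Thumbprint
        SignatureAlg  = $Certificate.SignatureAlgorithm.FriendlyName
        Sha256Ok      = $Certificate.SignatureAlgorithm.Value -eq $sha256RsaOid
        KeySize       = $keySize
        # Assumption: "2048 bit" is treated as a minimum.
        KeySizeOk     = ($null -ne $keySize) -and ($keySize -ge 2048)
        LifetimeYears = $lifetimeYears
        # Assumption: the lifetime item applies to token certificates only,
        # so it is left empty for Service-Communications.
        LifetimeOk    = if ($isTokenCert) { $lifetimeYears -ge 3 } else { $null }
        NotAfter      = $Certificate.NotAfter
    }
}

# Evaluate every certificate the farm currently uses.
Get-AdfsCertificate | ForEach-Object {
    Test-AdfsCertPractice -Certificate $_.Certificate -CertificateType $_.CertificateType
} | Format-Table -AutoSize
```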

Reference:

https://dirteam.com/sander/series/ad-fs-certificates-best-practices/
