Export the Public Key Portion of a Client Authentication Certificate
Applies To: Windows Server 2008
The public key portion of a client authentication certificate for the federation server proxy must be added to the trust policy on a federation server so that the Federation Service can authenticate the federation server proxy. By exporting the public key portion of the client authentication certificate, you create a file that can be imported into the trust policy. You can use the following procedure on the federation server proxy computer to export the public key portion of its client authentication certificate.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To export the public key portion of a client authentication certificate
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Right-click Federation Service Proxy, and then click Properties.
On the General tab, under FSP client authentication certificate, click View.
In the Certificate dialog box, click the Details tab, and then click Copy to File.
On the Welcome to the Certificate Export Wizard page, click Next.
On the Export Private Key page, ensure that No, do not export the private key is selected, and then click Next.
On the Export File Format page, ensure that DER encoded binary X.509 (.CER) is selected, and then click Next.
On the File to Export page, type or browse to the location and file name that you want to use for the exported certificate, and then click Next.
On the Completing the Certificate Export Wizard page, verify that the information that you provided is accurate, and then click Finish.
In the Certificate Export Wizard dialog box, click OK.
In the Certificate dialog box, click OK.
In the Federation Service Properties dialog box, click OK.