Add a Federation Service Proxy Certificate to the Trust Policy

Applies To: Windows Server 2008

So that the Federation Service can authenticate the federation server proxy, the public key portion of the client authentication certificate for the federation server proxy must be added to the trust policy on a federation server with which the federation server proxy communicates. You can use the following procedure to add the client authentication certificate for the federation server proxy from a file that you have exported.


The Trust Policy user interface (UI) in the Active Directory Federation Services snap-in refers to client authentication certificates for federation service proxies as Federation Service Proxy (FSP) certificates.

The Federation Service Proxy certificate should chain to a trusted root in the Federation Service. Perform this procedure on a federation server that hosts the trust policy to which you want to add a Federation Service Proxy certificate.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To add a Federation Service Proxy certificate to the trust policy

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Trust Policy, and then click Properties.

  3. On the FSP Certificates tab, click Add.

  4. In the Browse for Federation Service Proxy Certificate file dialog box, navigate to the certificate file that you want to add, select the certificate file, and then click Open.

  5. In the Trust Policy Properties dialog box, click OK.

Additional references

Checklist: Installing a Federation Server Proxy

Certificate Requirements for Federation Server Proxies