Add a Token-Decrypting Certificate

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Federation servers use a token-decryption certificate when a relying party federation server must decrypt tokens that are issued with an older certificate after a new certificate is set as the primary decryption certificate. Active Directory Federation Services (AD FS) uses the Secure Sockets Layer (SSL) certificate for Internet Information Services (IIS) as the default decryption certificate.

Warning

Certificates used for token-decrypting are critical to the stability of the Federation Service. Because loss or unplanned removal of any certificates configured for this purpose can disrupt service, you should back up any certificates configured for this purpose.

You can use the following procedure to add the token-decrypting certificate to the AD FS Management snap-in from a file that you have exported.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To add a token-decrypting certificate

  1. On the Start screen, type AD FS Management, and then press ENTER.

  2. In the console tree, double-click Service, and then click Certificates.

  3. In the Actions pane, click the Add Token-Decrypting Certificate link.

  4. In the Browse for Certificate file dialog box, navigate to the certificate file that you want to add, select the certificate file, and then click Open.
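
The following PowerShell sketch is an added example, not part of the original procedure: it performs the same addition with the ADFS module cmdlets and, in line with the warning above, backs up the configured token-decrypting certificates first. The function name and its parameters are hypothetical, and it assumes the new certificate is already installed with its private key in the local computer's Personal store.

```powershell
#Requires -RunAsAdministrator
Import-Module ADFS

# Hypothetical helper (name and parameters are illustrative, not a built-in cmdlet).
function Add-BackedUpTokenDecryptingCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,        # certificate already in LocalMachine\My
        [Parameter(Mandatory)] [string] $BackupDirectory,   # access-restricted folder for PFX backups
        [Parameter(Mandatory)] [securestring] $PfxPassword
    )
    $Thumbprint = $Thumbprint.ToUpperInvariant()

    # Add-AdfsCertificate is refused while automatic certificate rollover is enabled.
    if ((Get-AdfsProperties).AutoCertificateRollover) {
        throw 'AutoCertificateRollover is enabled; AD FS manages token certificates itself.'
    }

    # Validate the candidate: it needs a private key to decrypt and must be inside its validity window.
    $new = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $now = Get-Date
    if (-not $new.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }
    if ($now -lt $new.NotBefore -or $now -gt $new.NotAfter) {
        throw "Certificate $Thumbprint is outside its validity period."
    }

    # Back up every token-decrypting certificate currently configured, plus the new one.
    $thumbprints = @((Get-AdfsCertificate -CertificateType Token-Decrypting).Thumbprint) + $Thumbprint
    foreach ($tp in ($thumbprints | Select-Object -Unique)) {
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
        if ($null -eq $cert -or -not $cert.HasPrivateKey) {
            Write-Warning "No copy of $tp with a private key in LocalMachine\My; back it up separately."
            continue
        }
        $file = Join-Path -Path $BackupDirectory -ChildPath "$tp.pfx"
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $PfxPassword | Out-Null
    }

    # Add as a secondary token-decrypting certificate, then show the resulting configuration.
    Add-AdfsCertificate -CertificateType Token-Decrypting -Thumbprint $Thumbprint
    Get-AdfsCertificate -CertificateType Token-Decrypting |
        Select-Object Thumbprint, IsPrimary, @{ Name = 'NotAfter'; Expression = { $_.Certificate.NotAfter } }
}
```

The PFX files contain private keys, so the backup folder and password should be protected as carefully as the federation servers themselves.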

Additional references

Checklist: Setting Up a Federation Server

Certificate Requirements for Federation Servers