【Question title】:Error setting ADFS SSL Certificate with wildcard certificate
【Posted】:2021-06-09 18:05:36
【Question description】:

I am trying to configure ADFS to use a wildcard SSL certificate.

I can see the certificate's thumbprint:

C:\temp\SAML> dir cert:\Localmachine\My\

PSParentPath: Microsoft.PowerShell.Security\Certificate::Localmachine\My

Thumbprint                                Subject
----------                                -------
950CB19E429B5A409FD9650B08E873B23FE1082D  CN=*.mydomain.com

But when I try to install it as the SSL certificate, I see the following error:

C:\temp\SAML> Set-AdfsSslCertificate -Thumbprint 950CB19E429B5A409FD9650B08E873B23FE1082D 
Set-AdfsSslCertificate : PS0317: One or more of AD FS servers returned errors during execution of command 
'Set-AdfsSslCertificate'. Error information: PS0316: AD FS Server: 'localhost', Error: 'The SSL certificate specified by 
thumbprint 950CB19E429B5A409FD9650B08E873B23FE1082D does not have a subject name that matches the specified Federation 
Service name: EC2AMAZ-0FBOMSR.adfs.mydomain.com'.
At line:1 char:1
+ Set-AdfsSslCertificate -Thumbprint 950CB19E429B5A409FD9650B08E873B23F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-AdfsSslCertificate], RemoteException
    + FullyQualifiedErrorId : 
RuntimeException,Microsoft.IdentityServer.Management.Commands.SetSslCertificateCommand

The error is about the wrong subject name. Shouldn't that be "CN="? Is there a problem with using a wildcard?

【Question discussion】:

    Tags: certificate adfs


    【Solution 1】:

    No, you can't use *.contoso.com for host.subdomain.contoso.com. The * is one level (host.contoso.com), not the two levels you are trying.

    【Discussion】:
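
The single-label wildcard rule from the answer, as an added PowerShell example (not part of the original post, and not AD FS's own validation code). `Test-CertNameMatch` is a hypothetical helper; the first host name is the federation service name from the error message, and the other two are constructed for comparison.

```powershell
# Added example: left-most-label wildcard matching, one label per '*'.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]$Pattern,   # name from the certificate, e.g. *.mydomain.com
        [Parameter(Mandatory)][string]$HostName   # name the service has to present
    )
    # Compare case-insensitively, label by label, ignoring a trailing root dot.
    $p = $Pattern.TrimEnd('.').ToLowerInvariant().Split('.')
    $h = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')

    # A wildcard never adds or removes labels, so the label counts must be equal.
    if ($p.Count -ne $h.Count) { return $false }

    for ($i = 0; $i -lt $p.Count; $i++) {
        if ($i -eq 0 -and $p[0] -eq '*') {
            # '*' stands for exactly one non-empty left-most label.
            if ($h[0].Length -eq 0) { return $false }
            continue
        }
        # Every other label must match literally.
        if ($p[$i] -ne $h[$i]) { return $false }
    }
    return $true
}

$certName = '*.mydomain.com'                  # certificate subject from the question
$candidates = @(
    'EC2AMAZ-0FBOMSR.adfs.mydomain.com',      # federation service name from the error
    'adfs.mydomain.com',                      # constructed: one label under the domain
    'mydomain.com'                            # constructed: the bare domain
)

# On a real server the inputs would be the certificate's names
# (for example the DnsNameList property of the item under Cert:\LocalMachine\My)
# and the federation service name reported in the error.
foreach ($name in $candidates) {
    [pscustomobject]@{
        CertName = $certName
        HostName = $name
        Matches  = Test-CertNameMatch -Pattern $certName -HostName $name
    }
}
```

Running the check before `Set-AdfsSslCertificate` shows whether the federation service name sits exactly one label below the wildcard's domain, which is the condition the answer states.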
