DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for
Workplace Join.
You run nslookup enterpriseregistration and you receive the following results:
You need to create a certificate request for Server1 to support the Active Directory Federation
Services (AD FS) installation.
How should you configure the certificate request?
To answer, drag the appropriate names to the correct locations. Each name may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Explanation:
Obtain a server SSL certificate from either a public certificate authority (CA) or from your
organization’s PKI subordinate CA that is trusted by a public certificate authority.
The server SSL certificate must have the following certificate attributes to be used with Workplace
Join:
– Subject Name (CN): adfs1.contoso.com
– Subject Alternative Name (DNS): adfs1.contoso.com
– Subject Alternative Name (DNS): enterpriseregistration.contoso.com
Why R2? Step-by-Step: Solve BYOD Challenges with Workplace Join in Windows Server 2012 R2 and Windows 8.1
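The attributes listed above can be expressed as a certreq request file. This is an added example, not part of the original explanation: the file names adfs1.inf and adfs1.req, the key length and the provider settings are assumptions, and only the subject and DNS names come from the question.

```powershell
# Added example: only the names below come from the question.
$FederationServiceName = 'adfs1.contoso.com'
$DnsNames = @(
    'adfs1.contoso.com',                    # CN repeated as a SAN
    'enterpriseregistration.contoso.com'    # name looked up by Workplace Join clients
)
# The machine name (Server1) is deliberately absent, so the certificate is bound
# to the service names rather than to one host.

# certreq INF syntax for the Subject Alternative Name extension (OID 2.5.29.17)
$sanLines = @('2.5.29.17 = "{text}"') +
            ($DnsNames | ForEach-Object { "_continue_ = `"dns=$_&`"" })

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$FederationServiceName"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
; Assumption: the key must be copied to other farm nodes. Use FALSE on a single server.
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
$($sanLines -join "`r`n")
"@

Set-Content -Path .\adfs1.inf -Value $inf -Encoding Ascii
certreq -new .\adfs1.inf .\adfs1.req    # creates the key pair and the PKCS#10 request
certutil -dump .\adfs1.req              # check the Subject and both DNS SANs before submitting
```

Reviewing the certutil -dump output before sending the request to the CA catches a missing enterpriseregistration name while it is still cheap to fix.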
What’s the point in having a san with the same value as the cn? Why not use server1 or the IP address as one of the sans?
cn: adfs1
san: server1 or 192.168.0.70
san: enterpriseregistration
correction: forget ip since it's not an option.
answer should be:
cn: adfs1
san: server1
san: enterpriseregistration
– Subject Name (CN): adfs1.contoso.com
– Subject Alternative Name (DNS): adfs1.contoso.com
– Subject Alternative Name (DNS): enterpriseregistration.contoso.com
Is correct because if we specify the server name as our first subject alternative name in DNS, we would then need a new cert for each and every server you add to your adfs farm, and a corresponding cname record in dns for each server.
At least that’s my understanding.
is the answer correct?
The answer is correct. Check it out:
https://technet.microsoft.com/en-au/library/dn280939.aspx
You must install a server Secure Socket Layer (SSL) certificate on the ADFS1 server in the local computer store. The certificate MUST have the following attributes:
Subject Name (CN): adfs1.contoso.com
Subject Alternative Name (DNS): adfs1.contoso.com
Subject Alternative Name (DNS): enterpriseregistration.contoso.com
adfsa.contoso.com is actually the federation service name. enterpriseregistration.domainname is required for workplace join and represents the ADFS server so you know it's not dc1
answer is correct