What I need is a concise document that lists what sorts of certificates I need for ADFS 2012 R2 and ADFS proxy. I can find one or the other but not both.
What I think I need (after much googling):
Token-signing certificate (ADFS server)
-Any x509 cert
-Does need need any special EKU
-Should not be self-signed (this is different to ADFS 2.0)
-Can be any subject name
Secure Sockets Layer (SSL) certificate (ADFS server)
-Same as service communication certificate
-Subject is the FQDN of the ADFS service
-Should have the following SAN
--FQDN of the ADFS services
--Enterpriseregistration.domain (for Windows 8)
-Should have an EKU of server authentication
Token-decryption certificate (ADFS server)
-Can't find any specific info about this certificate
Secure Sockets Layer (SSL) certificate (ADFS proxy)
-Can this be the same cert as the one we use for the ADFS server?
Client authentication certificates (ADFS proxy)
-Not required any more?
Ideally I would like to be able to get an inf file that I can use for the certreq process for each of the required certs. A lot of the documentation still points you to IIS to do the CSR, but IIS is no longer installed on the ADFS servers.
References
http://technet.microsoft.com/en-us/library/dd807040.aspx
http://technet.microsoft.com/en-us/library/dd807054.aspx
Thanks for your help. The key here is ADFS 2012 R2 info, not ADFS 2.0.
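
An added example, not part of the original post: a certreq request file for the SSL / service communication certificate as the post describes it (subject is the service FQDN, SAN holds the service FQDN plus the enterpriseregistration name, EKU is server authentication). The names adfs.example.com and example.com are constructed placeholders, and the key length, hash, and exportable setting are assumptions to adjust to local policy.

```ini
; Constructed example. Replace adfs.example.com / example.com with real names.
; Generate the CSR with:   certreq -new adfs-ssl.inf adfs-ssl.csr
; Install the issued cert: certreq -accept adfs-ssl.cer

[Version]
Signature = "$Windows NT$"

[NewRequest]
; Subject is the FQDN of the ADFS service
Subject = "CN=adfs.example.com"
; Assumption: 2048-bit RSA with SHA-256; follow your CA's minimums
KeyLength = 2048
HashAlgorithm = SHA256
; 1 = AT_KEYEXCHANGE, needed for a TLS server key
KeySpec = 1
; 0xA0 = digitalSignature + keyEncipherment
KeyUsage = 0xA0
; Key must live in the computer store so the service can use it
MachineKeySet = TRUE
; Assumption: the certificate and key will be exported to other servers.
; Set to FALSE if the key never needs to leave this machine.
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; 2.5.29.17 = Subject Alternative Name
2.5.29.17 = "{text}"
_continue_ = "dns=adfs.example.com&"
_continue_ = "dns=enterpriseregistration.example.com"
```

Before submitting the request to a CA, `certutil -dump adfs-ssl.csr` shows the subject, SAN entries and EKU it actually contains.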