MIM 2016: Getting certificates for the MIM Portal and SSPR

Let's take a look at the certificate specs you need for the MIM Portal and SSPR. There are two use cases:

  1. You are not using a network load balancer (NLB) for your MIM Portal or SSPR, say one MIM Portal server and one SSPR server. It could also be multiple servers and still not use an NLB.
  2. You are using an NLB for your MIM Portal or SSPR. It depends on the organisation's NLB requirements: in some environments the NLB handles the cert; generally, I prefer that the NLB is a pass-through and the cert is handled at the server.

Cert specs for MIM Portal – for each Portal server

  1. Exportable private key
  2. The cert should be for the server hostname
  3. Add any other names that users will use to access the Portal to the subject alternative name (SAN) section, e.g. the server FQDN, MyIdentityPortal, MyIdentityPortal.tlkenterprise.com.
  4. If SSPR is going to be on the same server as the Portal, add the SSPR names to the alternate names of the cert as well, e.g. registermypassword, resetmypassword.
  5. You can use your internal CA to generate the cert.

Cert specs for MIM SSPR – for each separate server

  1. Exportable private key
  2. The cert should be for the server hostname
  3. Add any other names that users will use to access SSPR to the subject alternative name (SAN) section, e.g. the server FQDN, registermypassword, resetmypassword.
  4. You can use your internal CA to generate the cert if SSPR will not be exposed externally; otherwise get a cert from an external provider. Make sure the cert provider's issuing CA is in the trusted certificate store on the server.
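As an added example (not part of the original post), the following PowerShell builds a certreq.exe request that meets the specs above for a combined Portal + SSPR server and then checks the installed cert against them: subject CN = hostname, every SAN present, exportable private key, and a trusted chain. The FQDN mimportal01.tlkenterprise.com, the SAN list and the WebServer template name are assumptions; substitute your own.

```powershell
# Added example: request a cert per the MIM Portal/SSPR spec and verify it.
$hostFqdn = 'mimportal01.tlkenterprise.com'                      # assumed server FQDN
$sans     = @($hostFqdn, 'MyIdentityPortal', 'MyIdentityPortal.tlkenterprise.com',
              'registermypassword', 'resetmypassword')            # Portal + SSPR names on one box
$template = 'WebServer'                                           # assumed internal CA template

# Build the certreq INF. Exportable=TRUE covers spec 1, Subject=CN=<host> spec 2,
# and the 2.5.29.17 (SAN) extension specs 3 and 4.
$sanLines = ($sans | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"
$inf = @"
[NewRequest]
Subject = "CN=$hostFqdn"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
HashAlgorithm = SHA256
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
$sanLines
[RequestAttributes]
CertificateTemplate = $template
"@
Set-Content -Path .\mimportal.inf -Value $inf
certreq.exe -new .\mimportal.inf .\mimportal.req
# Submit mimportal.req to the CA, then install the issued cert: certreq.exe -accept .\mimportal.cer

# Check an installed cert in LocalMachine\My against the spec.
function Test-MimPortalCert {
    param([string]$CnHost, [string[]]$RequiredSans)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Subject -eq "CN=$CnHost" } | Select-Object -First 1
    if (-not $cert) { Write-Warning "No cert with CN=$CnHost in LocalMachine\My"; return }
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $found   = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
               ForEach-Object { $_.Groups[1].Value }
    $missing = $RequiredSans | Where-Object { $found -notcontains $_ }
    # CSP key (as requested above); .PrivateKey is null for CNG keys, so treat that as not verified.
    $exportable = if ($cert.PrivateKey) { $cert.PrivateKey.CspKeyContainerInfo.Exportable } else { $null }
    $chainOk    = $cert.Verify()                # fails if the issuing CA is not trusted on this server
    [pscustomobject]@{ Thumbprint = $cert.Thumbprint; MissingSans = $missing
                       Exportable = $exportable; ChainTrusted = $chainOk }
}
Test-MimPortalCert -CnHost $hostFqdn -RequiredSans $sans
```

Run the check on each Portal and SSPR server; an empty MissingSans, Exportable = True and ChainTrusted = True means the cert meets the spec.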