I am working on moving from Exchange 2007 to Exchange Online. I've gotten to the point of needing ADFS to work outside my domain. I've got a trusted third-party cert from GD, made the appropriate setting changes in the firewall, and can verify traffic hitting the ADFS server.
The problem I am having is that ADFS requires legacy configuration when generating the cert, thus limiting the ciphers apparently. The error codes I see in Event Viewer are:
"Error : An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1204"
I've tried using OpenSSL to import then export the cert to "unlock" all the ciphers, but I can't seem to get it to work. Thank you all for reading, any suggestions would be much appreciated.
You've already got to know the root cause here:
So the solution here is:
certutil.exe -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -importpfx C:\Cert\YourCNGCertFile.pfx
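As an added example (not part of the answer above), the following PowerShell checks which provider holds the private key of the certificate ADFS presents for TLS and, if it is a CNG key storage provider, re-imports the PFX into the legacy CSP with the certutil command from the answer. It assumes the ADFS cmdlets (Get-AdfsCertificate, Set-AdfsCertificate) are available and that certutil.exe is on the PATH; the PFX path is the answer's placeholder, and the delete-before-reimport step and the service restart are my additions.

```powershell
# Added example, not from the original post.
# Assumptions: ADFS PowerShell cmdlets present, certutil.exe on PATH,
# $PfxPath points at the same PFX the answer imports (placeholder path).
$PfxPath = 'C:\Cert\YourCNGCertFile.pfx'

# 1. Find the service-communications certificate ADFS presents to TLS clients.
$svcCert = Get-AdfsCertificate -CertificateType Service-Communications
$thumb   = $svcCert.Thumbprint

# 2. Ask certutil which provider holds the private key. A CNG key storage
#    provider reports "... Key Storage Provider"; a legacy CryptoAPI CSP
#    reports "... Cryptographic Provider" (the kind ADFS needs here).
$storeInfo = certutil.exe -store My $thumb
$match     = $storeInfo | Select-String -Pattern '^\s*Provider\s*=\s*(.+)$'
if (-not $match) {
    throw "No private key provider found for certificate $thumb in LocalMachine\My."
}
$provider = $match.Matches[0].Groups[1].Value.Trim()
Write-Host "Service certificate $thumb private key provider: $provider"

if ($provider -like '*Key Storage Provider*') {
    Write-Warning 'Private key is held by a CNG KSP; re-importing into the legacy CSP.'

    # 3. Remove the CNG-backed copy first (assumption: avoids keeping the old
    #    key association), then import the PFX as the answer does, pinning the
    #    key to the legacy RSA/AES CSP.
    certutil.exe -delstore My $thumb
    certutil.exe -csp 'Microsoft Enhanced RSA and AES Cryptographic Provider' -importpfx $PfxPath

    # 4. Re-bind the same certificate to ADFS and restart the service so the
    #    CSP-backed key is the one used for new TLS handshakes.
    Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumb
    Restart-Service adfssrv
}
else {
    Write-Host 'Private key already lives in a legacy CSP; no re-import needed.'
}
```

After the restart, check the System event log: if the Schannel 1204 / fatal alert 40 events from the question stop appearing for the same client, the cipher-suite negotiation is now succeeding.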