Federation servers and federation server proxies require the use of server authentication certificates for different reasons.

Federation servers

Federation servers require server authentication certificates so that clients can establish the server's identity because the federation server presents the client with a server authentication certificate that discloses its source. In this way, a client can verify that the data that is transmitted is usable only by the organization that is identified by the certificate.

Federation server proxies

Federation server proxies require server authentication certificates to secure Web server traffic communication with Web clients. Federation server proxies are usually exposed to computers on the Internet that are not included in your enterprise public key infrastructure (PKI). Therefore, when possible use a server authentication certificate that is issued by a public (third-party) certification authority (CA), for example, Verisign.