Token-Signing and Token-Decrypting Certificates Renewal

  • Question

  • Hello,

    My ADFS Token-Signing and Token-Decrypting Certificates will expire next month. We also have a service communications certificate that will expire next year (public cert). We're planning to renew the 2 certs this month. 

    The output of Get-AdfsProperties | FL AutoCert*, Certificate* is below:

    AutoCertificateRollover        : True
    CertificateCriticalThreshold   : 2
    CertificateDuration            : 365
    CertificateGenerationThreshold : 20
    CertificatePromotionThreshold  : 5
    CertificateRolloverInterval    : 720
    CertificateThresholdMultiplier : 1440

    As per my understanding, both certs will be renewed automatically. My questions are:

    1. How do I know which Relying Party trusts use or depend on the Token-Signing and Token-Decrypting Certificates? Do I just check the Relying Party trust encryption and signature tabs?

    2. Do I need to contact the relying parties and provide them with any of the certs?

    3. Will Office365 be renewed automatically since CertificateCriticalThreshold : 2 and the metadata can be publicly accessed?

    4. Any recommendations on how to renew them?

    Thursday, April 12, 2018 12:11 AM