Hello,
My ADFS Token-Signing and Token-Decrypting Certificates will expire next month. We also have a service communications certificate that will expire next year (public cert). We're planning to renew the 2 certs this month.
The output of Get-AdfsProperties | FL AutoCert*, Certificate* is below:
AutoCertificateRollover : True
CertificateCriticalThreshold : 2
CertificateDuration : 365
CertificateGenerationThreshold : 20
CertificatePromotionThreshold : 5
CertificateRolloverInterval : 720
CertificateThresholdMultiplier : 1440
As per my understanding, both certs will be renewed automatically. My questions are:
1. How do I know which Relying Party trusts use or depend on the Token-Signing and Token-Decrypting Certificates? Do I just check the Relying Party trust encryption and signature tabs?
2. Do I need to contact the relying parties and provide them with any of the certs?
3. Will Office365 be renewed automatically since CertificateCriticalThreshold : 2 and the metadata can be publicly accessed?
4. Any recommendations on how to renew them?