locked
Auto-rollover issue RRS feed

  • Question

  • We had AutoCertificateRoller set to true, however, last year we set the token signing cert to expire in 100 years just so we wouldn't have to hand it out to our federation partners every few years. I never changed the auto rollover, but figured it never would, at least not for a hundred years.  Recently, we changed the public certificate, but, for some reason, the token-signing certs decided to renew themselves. I cleaned up the mess, which meant handing out the cert to our partners. Then, it happened again the next day. I've since removed the secondaries and set auto rollover to false, but what would cause that behavior if the certificates were no where near expiration?
    Tuesday, January 28, 2020 12:50 PM