ADFS Certificate Renewal Challenge

  • Question

    Hi Team,

    I tried renewing ADFS certificates in my test lab:

    Service communication

    Token signing

    Token decrypting

    For renewal, I installed certificates on 2 core and 2 WAP servers. Added token signing and token decrypting certificates. Then set service communication.

    Then set new token signing and token decrypting certificates as primary.

    Then executed the "Set-AdfsSslCertificate" command

    Checked binding via netsh http command and set correct thumbprint for port 443

    Restarted services on core servers

    On WAP, executed the commands below:

    Set-WebApplicationProxyApplication -thumbprint

    Restarted services on both WAP servers as well. 

    Rebooted all four servers


    After all these steps:

    ADFS 3.0 is showing new certificates

    Netsh http command is showing thumbprint of new certificate

    ADFS metadata file is showing new certificates

    Get-adfs certificates commands are showing new certificates

    Get-webapplicationproxyapplication is showing new certificate

    However, when I checked on the idpinitiated page, it is still showing the old certificate. I have no clue what went wrong and why ADFS 3.0 is still taking old certificates.

    Friday, October 18, 2019 6:45 AM
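
One way to make the netsh binding check from the post systematic: parse `netsh http show sslcert` output and list every HTTP.SYS binding whose certificate hash differs from the expected thumbprint. This is an added example, not part of the original post; the function name `Find-StaleSslBinding` is hypothetical, and the host names and thumbprints in the sample are constructed placeholders.

```powershell
# Added example: flag HTTP.SYS bindings that do not carry the expected certificate.
function Find-StaleSslBinding {
    param(
        [Parameter(Mandatory)][string] $ExpectedThumbprint,
        # Lines of 'netsh http show sslcert' output; queried live when omitted.
        [string[]] $NetshOutput = (netsh http show sslcert)
    )
    # Strip spaces and invisible characters that get copied along with a
    # thumbprint from the certificate dialog, then normalise the case.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $binding  = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)\s*$') {
            $binding = $Matches[2]          # start of a new binding record
        }
        elseif ($binding -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)\s*$') {
            $hash = $Matches[1].ToUpperInvariant()
            [pscustomobject]@{
                Binding    = $binding
                Thumbprint = $hash
                IsExpected = ($hash -eq $expected)
            }
            $binding = $null
        }
    }
}

# Constructed sample output: host names and thumbprints are placeholders.
$sample = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : adfs.example.test:443
    Certificate Hash             : aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    Certificate Store Name       : MY

    Hostname:port                : localhost:443
    Certificate Hash             : bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    Certificate Store Name       : MY
'@ -split "`r?`n"

# List only the bindings that do not match the new certificate's thumbprint.
Find-StaleSslBinding -ExpectedThumbprint ('A' * 40) -NetshOutput $sample |
    Where-Object { -not $_.IsExpected }
```

Run without `-NetshOutput` on each core and WAP server to check the live bindings against the new certificate's thumbprint.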