ADFS 3.0 Token Signing Validity Extension

  • Question

  • Hello Everyone,

    We have self-signed certificates in our ADFS 3.0 environment which are going to expire soon. According to the article

    https://blogs.technet.microsoft.com/askpfeplat/2015/01/26/adfs-deep-dive-certificate-planning/

    We can extend the validity using the cmdlet

    Set-AdfsProperties -CertificateDuration integer-number-in-days

    My question is: do we need the application side (usually SAML) in our case to update the cert again? I am not sure on this, as we are extending the validity; however, the thumbprint is the same for the cert.

    But on the application side (vendor), the cert thumbprint is the same but the end date will mismatch.

    Has someone done this before or have any idea on this?

    Regards,

    Abhishek 

    Thursday, February 18, 2016 8:41 AM

Answers

  • That validity only applies at the next rollover.

    If you want to do it immediately, use:

    Update-AdfsCertificate -Urgent      

    The new certificates will have the new validity period.  

    Either way you will get a new certificate. You can't extend the validity.

    Thursday, February 18, 2016 4:38 PM
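
The sequence described in the answer above, as an added PowerShell example that is not part of the original thread: it sets the new duration, forces the rollover, confirms that the primary token-signing thumbprint changed, and exports the new public certificate for the relying party. The 1095-day duration and the export path are assumed placeholder values, and the script assumes an elevated session on the primary AD FS server.

```powershell
# Added example, not from the thread. Run elevated on the primary AD FS server.
# Assumed placeholder values: 1095 days and C:\Temp\adfs-token-signing.cer.
Import-Module ADFS

$durationDays = 1095
$exportPath   = 'C:\Temp\adfs-token-signing.cer'

# Update-AdfsCertificate only works while AD FS manages its own self-signed certificates.
$props = Get-AdfsProperties
if (-not $props.AutoCertificateRollover) {
    throw 'AutoCertificateRollover is disabled; AD FS will not generate new certificates.'
}

# Record the current token-signing certificates so the result can be compared.
$before = Get-AdfsCertificate -CertificateType Token-Signing
$before | Select-Object IsPrimary, Thumbprint, @{n='NotAfter'; e={ $_.Certificate.NotAfter }}

# The duration applies only to certificates generated after this point.
Set-AdfsProperties -CertificateDuration $durationDays

# Force an immediate rollover, as in the answer above.
Update-AdfsCertificate -CertificateType Token-Signing -Urgent

$after   = Get-AdfsCertificate -CertificateType Token-Signing
$primary = $after | Where-Object { $_.IsPrimary }

if ($before.Thumbprint -contains $primary.Thumbprint) {
    Write-Warning 'Primary token-signing thumbprint is unchanged; the rollover did not happen.'
} else {
    # Export only the public certificate (DER .cer) to hand to the application vendor.
    Export-Certificate -Cert $primary.Certificate -FilePath $exportPath -Type CERT | Out-Null
    Write-Output ("New primary thumbprint {0}, expires {1}. Public certificate written to {2}" -f `
        $primary.Thumbprint, $primary.Certificate.NotAfter, $exportPath)
}
```

Relying parties that do not refresh the certificate from federation metadata need the exported file installed before they will accept tokens signed with the new certificate.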

All replies

  • Thanks a lot. Now it's clear to me.

    Regards,

    Abhishek

    Friday, February 19, 2016 5:01 AM