ADFS Certificate

  • Question

  • Hello, 

    Where can I change the ADFS certificate?

    Friday, June 2, 2017 2:34 PM

All replies

  • There are at least 3 types of certificate used in ADFS. Which one are you referring to?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Friday, June 2, 2017 3:04 PM
  • Hello,

    I'm talking about the Service communications certificate (public one)



    • Edited by mlourenco Friday, June 2, 2017 4:04 PM
    Friday, June 2, 2017 3:16 PM
  • You can refer to this: https://blogs.technet.microsoft.com/pie/2015/11/25/script-to-update-the-service-communications-ssl-certificate/

    Friday, June 2, 2017 4:25 PM
  • Hello,

    Thanks for the reply. 

    There isn't any "manual" (not via scripting) procedure that can be done?

    Friday, June 2, 2017 5:01 PM
  • You can open the script and do each step one by one. There is one step, though, that requires running PowerShell (the one to change the TLS binding); there is no GUI option for this one.

    Friday, June 2, 2017 5:04 PM
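
The step-by-step route mentioned in the reply above, written out as an added example; it is not the linked script and not code posted in this thread. It assumes an elevated PowerShell session on an AD FS node running Windows Server 2012 R2, the PFX path used later in this thread, and that the AD FS service account has already been given read access to the new private key.

```powershell
# Added example: replace the AD FS Service Communications certificate on one node.
# Assumption: AD FS on Windows Server 2012 R2, elevated session, run on every AD FS node.
$pfxPath  = 'C:\certificate-dir\MyCert.pfx'   # path taken from the thread; adjust as needed
$password = Read-Host -AsSecureString -Prompt 'PFX password'

# 1. Import the certificate and its private key into the computer's Personal store.
$cert = Import-PfxCertificate -FilePath $pfxPath `
                              -CertStoreLocation Cert:\LocalMachine\My `
                              -Password $password

# 2. Stop early if the certificate cannot serve TLS.
$now = Get-Date
if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key.' }
if ($cert.NotBefore -gt $now) { throw "Certificate is not valid until $($cert.NotBefore)." }
if ($cert.NotAfter  -le $now) { throw "Certificate expired on $($cert.NotAfter)." }

# Assumption: read access to the private key for the AD FS service account was granted
# beforehand (Certificates MMC > All Tasks > Manage Private Keys); not scripted here.

# 3. Set the Service Communications certificate (also possible in the AD FS console).
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $cert.Thumbprint

# 4. Change the TLS binding. This is the step with no GUI equivalent.
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint

# 5. Restart the AD FS service so it picks up the new certificate.
Restart-Service -Name adfssrv

# 6. Verify: the service certificate and every TLS binding must use the new thumbprint.
$service = Get-AdfsCertificate -CertificateType Service-Communications
$stale   = @(Get-AdfsSslCertificate |
             Where-Object { $_.CertificateHash -ne $cert.Thumbprint })

if ($service.Thumbprint -ne $cert.Thumbprint) {
    Write-Warning "Service Communications still uses $($service.Thumbprint)."
}
if ($stale.Count -gt 0) {
    Write-Warning 'These TLS bindings still present another certificate:'
    $stale | Format-Table HostName, PortNumber, CertificateHash -AutoSize
}
if ($service.Thumbprint -eq $cert.Thumbprint -and $stale.Count -eq 0) {
    Write-Output "All bindings use $($cert.Thumbprint), valid until $($cert.NotAfter)."
}
```

On a WAP server, steps 1 and 2 are the same and the binding is changed with `Set-WebApplicationProxySslCertificate -Thumbprint` instead of steps 3 to 5.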
  • Need more details?

    Thursday, June 8, 2017 8:36 PM
  • Hello,

    Thanks for the reply.

    The script works fine, it has been tested, I will not have issues?

    So basically I just need to run the script giving the full path of the certificate in pfx format?

    .\Update-ADFSSSLCertificate.ps1 -PfxPath .\MyCert.pfx

    ".\MyCert.pfx" is the same directory where the script is, right? For instance, I could use the following syntax

    .\Update-ADFSSSLCertificate.ps1 -PfxPath C:\certificate-dir\MyCert.pfx  ??

    Thanks


    Friday, June 9, 2017 8:33 AM
  • Yes. And run this on each ADFS and WAP server (as long as you are dealing with ADFS on Windows Server 2012 R2).


    Friday, June 9, 2017 2:06 PM
  • Hello,

    Thanks for your answers

    Another question, the Token-decrypting and Token-signing have to be changed too?

    Friday, June 23, 2017 10:05 AM