ADFS still using old SSL certificate after update

  • Question

  • Howdy community, 

    during last weekend we tried to update our SSL certificate for 2012R2 ADFS from Let's Encrypt to DigiCert.
    I'm unable to post images, since I'm not verified, so I'll try to explain it as best as I can. 

    In ADFS, the Service Communications and Token encrypt/decrypt certificates are using the new certificate.

    Bindings from show sslcert are updated as well.

    But on the public side, ADFS is still presenting itself with old certificate from Let's Encrypt.

    Any suggestion regarding what we are missing?

    How can I get verified in order to post images?

    Thank you in advance. 
    Filippo

    Tuesday, October 29, 2019 11:04 AM

Answers

  • My guess is that the external load balancer, or reverse proxy, or whatever you have on the front is doing some SSL termination for whatever reason (not really useful in the ADFS proxy scenario though). So you'll need to update it there.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 29, 2019 12:54 PM

All replies

  • Thank you Pierre for pointing me in the right direction. 

    Yes, you are right but we are not using ADFS Proxy at the moment.

    Have a nice day. 

    Tuesday, October 29, 2019 1:37 PM
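
To confirm the diagnosis in the accepted answer, compare the certificate served at the public name with the one the ADFS node serves when contacted directly. This is an added example, not code from the thread. The helper name `Get-ServedCertificate`, the host name `sts.example.com` and the address `10.0.0.10` are placeholders to replace with your own values.

```powershell
# Added example: fetch the TLS certificate a given endpoint presents for a given SNI name.
function Get-ServedCertificate {
    param(
        [Parameter(Mandatory)] [string] $ConnectTo,  # host or IP the TCP connection is opened to
        [Parameter(Mandatory)] [string] $SniName,    # federation service name sent as SNI
        [int] $Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ConnectTo, $Port)
        # Accept whatever is presented: the goal is to inspect the certificate, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($SniName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
                $ssl.RemoteCertificate)
            [pscustomobject]@{
                ConnectTo  = $ConnectTo
                Thumbprint = $cert.Thumbprint
                Issuer     = $cert.Issuer
                NotAfter   = $cert.NotAfter
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

$fsName = 'sts.example.com'   # placeholder: your federation service name
$nodeIp = '10.0.0.10'         # placeholder: internal address of the ADFS server

# Public path (through whatever sits in front) versus a direct connection to the node.
$public = Get-ServedCertificate -ConnectTo $fsName -SniName $fsName
$direct = Get-ServedCertificate -ConnectTo $nodeIp -SniName $fsName
$public, $direct | Format-Table -AutoSize

if ($public.Thumbprint -ne $direct.Thumbprint) {
    Write-Warning ('Public endpoint and ADFS node serve different certificates: ' +
        'a device in front is terminating TLS with its own copy of the certificate.')
}
```

Run the public check from outside the network so that name resolution follows the same path external clients use. If the two thumbprints differ, the certificate has to be replaced on the front device as well.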