Update SSL certificate for ADFS RRS feed

  • Question

  • Hello Support,

    We have the following setup: AWS SSO > ADFS + AWS RDS (MSSQL database) > AWS AppStream. ADFS acts as the IdP for the service provider (AWS AppStream).

    We used a Let's Encrypt SSL certificate and it is up and running.

    Posted below are the commands run to install the AD FS farm and the additional nodes.

    Install-AdfsFarm -CertificateThumbprint <Thumbprint-value> -FederationServiceName appstream.abc-ac.cloud -ServiceAccountCredential $svcCred -Credential $localAdminCred -OverwriteConfiguration -AdminConfiguration $adminConfig -SigningCertificateThumbprint <Thumbprint-value> -DecryptionCertificateThumbprint <Thumbprint-value> -SQLConnectionString "Data Source=abc.rds.amazonaws.com;Integrated Security=True" -Verbose

    Add-AdfsFarmNode -CertificateThumbprint <Thumbprint-value> -ServiceAccountCredential $svcCred -SQLConnectionString "Data Source=abc.rds.amazonaws.com;Integrated Security=True"

    Now the SSL certificate is about to expire. To renew it I used the Let's Encrypt Posh-ACME client tool and generated a new certificate, but while updating ADFS with the new certificate I get an error.

    Script to generate the new SSL certificate:

    Source: https://github.com/rmbolger/Posh-ACME

    ##   *****Installing POSH-ACME Module*****   ##
    Save-Module -Name Posh-ACME -Path 'C:\Program Files\WindowsPowerShell\Modules'
    Install-Module -Name Posh-ACME
    ##   *****Installing AWS Powershell Module*****   ##
    Save-Module -Name AWSPowerShell -Path 'C:\Program Files\WindowsPowerShell\Modules'
    Install-Module -Name AWSPowerShell
    ##   *****Configuring AWS Settings*****   ##
    Set-AWSCredential -StoreAs 'posh-acme' -AccessKey '<Accesskey-value>' -SecretKey '<Secretkey-value>'
    Initialize-AWSDefaultConfiguration -ProfileName 'posh-acme'
    $r53Params = @{R53ProfileName='posh-acme'}
    ##   *****Generating Wildcard Certificate*****   ##
    New-PACertificate '*.abc-ac.cloud' -AcceptTOS -Contact abc@domain.com -DnsPlugin Route53 -PluginArgs $r53Params
    $Thumbprint = (Get-PACertificate '*.abc-ac.cloud').Thumbprint;
    Write-Host -Object "My thumbprint is: $Thumbprint";

    Commands used to update the ADFS SSL certificate:

    Source: https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfssslcertificate?view=win10-ps

    Set-AdfsSslCertificate -Thumbprint '<Thumbprint-value>'

    Error:

    PS0316: AD FS Server: 'adfs-srv02.abc-ac.cloud', Error: 'The certificate specified does not meet all the requirements of an SSL certificate.'.

    I even tried changing the SSL certificate manually in the ADFS management console, but the application then failed to load.

    It meets the requirements for an ADFS SSL certificate as mentioned in https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements#BKMK_1

    Now I am helpless. Neither PowerShell nor the GUI works to update the ADFS SSL certificate.


    Sathishkumar M

    Tuesday, November 13, 2018 8:09 AM
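The PS0316 error above says only that the certificate fails some SSL requirement, not which one. The following pre-flight script is an added example (not code from the post or from Posh-ACME) that checks the new certificate against the documented AD FS SSL certificate requirements before Set-AdfsSslCertificate is run: it assumes an elevated session on an AD FS node with the ADFS module loaded, that $Thumbprint is the value printed by the Posh-ACME script, and that $FsName defaults to the farm's federation service name.

```powershell
# Pre-flight check of a certificate against the AD FS SSL certificate requirements.
# Added example, not from the original post. Assumes: elevated PowerShell on an
# AD FS node, ADFS module available, .NET 4.6+ (for GetRSAPrivateKey).
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [string]$FsName = (Get-AdfsProperties).HostName
)
$problems = @()

# The certificate must be in the local computer's Personal store, not CurrentUser.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
if (-not $cert) { throw "Certificate $Thumbprint is not in Cert:\LocalMachine\My" }

# A private key must be present and openable (if this account cannot open it,
# the AD FS service account will not be able to either).
if (-not $cert.HasPrivateKey) { $problems += 'no private key is associated with the certificate' }
else {
    try { $null = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) }
    catch { $problems += "private key cannot be opened by $env:USERNAME : $($_.Exception.Message)" }
}

# Validity period and Server Authentication EKU (no EKU at all means any purpose).
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    $problems += "not valid at $now (valid $($cert.NotBefore) to $($cert.NotAfter))"
}
$eku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') { $problems += 'EKU lacks Server Authentication' }

# Subject or SAN must cover the federation service name; a wildcard covers one label only.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$fsParent = ($FsName -split '\.', 2)[1]
$covered = $names | Where-Object { ($_ -eq $FsName) -or ($_.StartsWith('*.') -and $_.Substring(2) -eq $fsParent) }
if (-not $covered) { $problems += "neither subject nor SAN covers $FsName (names: $($names -join ', '))" }

# The chain must build to a root trusted on this node.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $problems += 'chain does not build: ' + (($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; ')
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    return $false
}
Write-Host "Certificate $Thumbprint ($($cert.Subject)) passes the checks; next: Set-AdfsSslCertificate -Thumbprint '$Thumbprint'"
return $true
```

Run it on every farm node, since Set-AdfsSslCertificate updates the whole farm and each node must hold the certificate with its private key in LocalMachine\My.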