ADFS Certificate Renewal Challenge

  • Question

  • 
    Hi Team,

    I tried renewing adfs certificates in my test lab

    Service communication

    Token signing

    Token decrypting

    For renewal, I installed certificates on 2 core and 2 WAP servers. Added token signing and token decrypting certificates. Then set service communication.

    Then set new token signing and token decrypting certificates as primary.

    Then execute "set-adfssslcertificate" command

    Checked binding via netsh http command and set correct thumbprint for 443 port

    Restarted services on core servers

    On WAP, execute below commands,

    Set-webapplicationproxysslcertificate

    Set-webapplicationproxyapplication -thumbprint

    Restarted services on both WAP servers as well. 

    Rebooted all four servers

    --------------------------------------

    After all these steps 

    Adfs 3.0 is showing new certificates

    Netsh http command is showing thumbprint of new certificate

    Adfs metadata file is showing new certificates

    Get-AdfsCertificate commands are showing new certificates

    Get-webapplicationproxyapplication is showing new certificate

    However when I checked on idpinitiated page it is still showing old certificate. Have no clue what went wrong and why ADFS 3.0 is still taking old certificates

    Friday, October 18, 2019 6:45 AM
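The situation described in the question is a mismatch between what each layer reports and what the endpoint actually presents. The following check is an added example, not code from the original post: it runs on an AD FS server with the ADFS module, assumes a placeholder federation service name (`sts.example.com`), and compares the thumbprints from `Get-AdfsSslCertificate`, HTTP.SYS, the certificate presented on the TLS port, the primary token-signing certificate and the published federation metadata. Which certificate is "presented" depends on whether the name resolves to a farm node or to a WAP server, so run it from inside and outside.

```powershell
# Added example, not from the original post. Run on an AD FS server with the ADFS module loaded.
# $FederationHost is a placeholder; replace it with your federation service name.
param([string]$FederationHost = 'sts.example.com', [int]$Port = 443)

# Open a TLS session and return the thumbprint of whatever certificate the endpoint presents.
function Get-PresentedThumbprint {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback always returns $true: we only read the certificate, we do not trust it.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($HostName)
        return (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)).Thumbprint
    } finally { $tcp.Close() }
}

# Thumbprints of every X509Certificate element in the published federation metadata.
function Get-MetadataThumbprints {
    param([string]$HostName)
    $url = "https://$HostName/FederationMetadata/2007-06/FederationMetadata.xml"
    [xml]$md = (Invoke-WebRequest -Uri $url -UseBasicParsing).Content
    $md.SelectNodes("//*[local-name()='X509Certificate']") | ForEach-Object {
        (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2([Convert]::FromBase64String($_.InnerText))).Thumbprint
    } | Sort-Object -Unique
}

$configured = Get-AdfsSslCertificate | Select-Object -ExpandProperty CertificateHash -Unique
$httpSys    = (netsh http show sslcert) | Select-String 'Certificate Hash\s*:\s*([0-9a-fA-F]+)' |
              ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() } | Sort-Object -Unique
$presented  = Get-PresentedThumbprint -HostName $FederationHost -Port $Port
$signing    = (Get-AdfsCertificate -CertificateType 'Token-Signing' | Where-Object IsPrimary).Thumbprint
$metadata   = Get-MetadataThumbprints -HostName $FederationHost

"Set-AdfsSslCertificate   : $($configured -join ', ')"
"netsh http sslcert       : $($httpSys -join ', ')"
"Presented on TLS $Port   : $presented"
"Primary token-signing    : $signing"
"In federation metadata   : $($metadata -join ', ')"

# Each mismatch points at a specific layer that still holds the old certificate.
if ($presented -notin $httpSys)    { Write-Warning "Endpoint presents a certificate HTTP.SYS on this node does not list: another node or a WAP answered." }
if ($presented -notin $configured) { Write-Warning "Presented certificate differs from Set-AdfsSslCertificate: re-check the WAP SSL certificate and proxy bindings." }
if ($signing -notin $metadata)     { Write-Warning "Primary token-signing certificate is not in the published metadata." }
```

Run it once against the internal farm name and once from a client that resolves the name to the WAP servers; the layer whose thumbprint disagrees with the others is the one still serving the old certificate.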