ADFS and IE11

  • Question

  • Hi,

    I have an ADFS setup that is Load Balanced behind a Citrix NetScaler.  My current SSL Cert is due to expire in October.  As it stands, ADFS and IE11 work without an issue.  I can hit https://myurl.com/adfs/ls/idpinitiatedsignon.aspx, hit 'Sign In' and I'm all good.

    So now I have a newly renewed SSL cert.  I update the certs on my NetScaler and now, https://myurl.com/adfs/ls/idpinitiatedsignon.aspx via IE11 persists in giving me a Windows Security message and will not allow me to log in.  If I flip the SSL cert back to the original, everything works as expected.

    Anyone know what's up here with ADFS/IE11?

    Regards

    Sunday, August 4, 2019 10:37 AM

All replies

  • Have you installed root certificates of the new SSL cert?

    The certificate chain can be corrupted.

    https://docs.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate

    Monday, August 5, 2019 4:22 AM
  • The only place I didn't update the certs was on the ADFS server itself.  On the NetScaler, first I updated the cert and I received the Windows Security message.  So then I linked the Cert on the NetScaler with the DigiCert CA.  Still no good.  I don't receive any cert errors, or breaks in the chain, as far as IE tells me.  As far as the certificate is concerned, there really is no change other than the expiry date.  All others (including certs in the chain) are exactly the same as before.

    Thing is, every other browser works as expected, but only IE throws the security login.  Problem is, IE11 is our default browser internally.

    Monday, August 5, 2019 5:43 AM