Updating the ADFS SSL certificate
The federation server uses Secure Sockets Layer (SSL) server authentication certificates to secure Web services traffic for communication with Web clients or the federation server proxy.
These certificates are requested and installed through the Internet Information Services (IIS) snap-in.
If you don't see your cert in the store, either it was not imported correctly or there is no private key in the store that corresponds to the cert.
Now open PowerShell to run a few commands. Make a note of the thumbprint of the new certificate.
After you have the certificate imported into the ADFS server's "Personal" store, you need to make sure that you assign the appropriate permissions to the certificate.
Specifically, you need to give the ADFS service account full control of the certificate's private key.
Confirm this by opening the certificate store and looking at the details of the certificate you set as the service communication cert, to check that the thumbprint shown there matches what you see from the GET command (Get-AdfsSslCertificate). Copy that hex string out to Notepad and remove all of the spaces; then, when you issue the SET command, make sure the value you paste in as the thumbprint is the one for the CORRECT certificate.
You might run into what I did, which is what was messing me up and prompted me to author this article. For some reason, for me, when I issued the Get-AdfsSslCertificate command it still showed my OLD certificate, not the new one that I had just updated with the set service communication certificate step above.

Next, run Set-AdfsSslCertificate -Thumbprint XXXXXXXXXXXXXXXXXXXXXX and then restart the ADFS service (Restart-Service adfssrv).

The PowerShell for all of this (including installing the role/feature) is:

OPTIONAL: Using a Web Application Proxy Server

Now, if you are using a Web Application Proxy Server in front of your ADFS Server, you need to do a few things.

Note that this is a traditional SSL cert, like you would use in IIS for any secure web server. Digital signatures on security tokens help prevent attackers from forging or modifying security tokens to gain unauthorized access to resources; they are also used in the account partner when there is more than one federation server.
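The following script is an added example, not code from the original article, that walks the whole procedure above in one pass: it normalizes a thumbprint pasted from the certificate MMC, confirms the certificate and its private key are really in LocalMachine\My, grants the service account access to the private key file, sets the service communications certificate and the SSL binding only if they differ, restarts adfssrv, and re-reads both settings so you see what ADFS actually holds rather than trusting the Set calls. It assumes an elevated Windows PowerShell 5.1 session on the ADFS server with the ADFS module loaded; the function names (ConvertTo-CleanThumbprint, Get-UsableCertificate, Grant-PrivateKeyAccess, Update-AdfsServiceCertificate) are mine, and the 'PASTE-THUMBPRINT-HERE' and 'DOMAIN\svc-adfs' values are constructed placeholders you replace with your own.

```powershell
# Normalize a thumbprint copied out of the certificate MMC: drop spaces and any
# non-hex characters (the MMC copy often carries an invisible leading character),
# then upper-case it so string comparisons against the ADFS cmdlets are reliable.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint '$Raw' normalized to '$clean' ($($clean.Length) chars); expected 40 hex characters."
    }
    return $clean
}

# Locate the certificate in the machine Personal store and confirm it has a private key.
function Get-UsableCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My; re-import the PFX." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key; import the PFX, not only the .cer." }
    return $cert
}

# Grant the ADFS service account rights on the private key file. The two directories
# are the Windows machine key stores for CNG keys and legacy CSP keys respectively.
function Grant-PrivateKeyAccess {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Account
    )
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    if (-not $rsa) { throw "Key is not RSA or is not accessible; set the private key ACL manually in certlm.msc." }
    $name = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName }
            else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyFile = @("Microsoft\Crypto\Keys\$name", "Microsoft\Crypto\RSA\MachineKeys\$name") |
        ForEach-Object { Join-Path $env:ProgramData $_ } |
        Where-Object { Test-Path $_ } |
        Select-Object -First 1
    if (-not $keyFile) { throw "Private key file for $name not found under $env:ProgramData\Microsoft\Crypto." }
    # The article asks for Full Control (F); Read alone is enough for the service to use the key.
    & icacls.exe $keyFile /grant "$($Account):F" | Out-Null
    return $keyFile
}

# End-to-end update: service communications cert, then the HTTP.sys SSL binding.
function Update-AdfsServiceCertificate {
    param(
        [Parameter(Mandatory)][string]$RawThumbprint,   # as pasted from certlm.msc, spaces and all
        [Parameter(Mandatory)][string]$ServiceAccount   # e.g. 'DOMAIN\svc-adfs' (constructed placeholder)
    )
    $tp   = ConvertTo-CleanThumbprint -Raw $RawThumbprint
    $cert = Get-UsableCertificate -Thumbprint $tp
    Grant-PrivateKeyAccess -Certificate $cert -Account $ServiceAccount | Out-Null

    # Service communications certificate (what the federation metadata advertises).
    $current = Get-AdfsCertificate -CertificateType Service-Communications
    if ($current.Thumbprint -ne $tp) {
        Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $tp
    }

    # SSL binding (what HTTP.sys actually serves). This is the step whose absence leaves
    # Get-AdfsSslCertificate showing the OLD certificate, as the article describes.
    $stale = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $tp }
    if ($stale) {
        Set-AdfsSslCertificate -Thumbprint $tp
    }
    Restart-Service -Name adfssrv

    # Re-read and report so the operator sees proof rather than trusting the Set calls.
    [pscustomobject]@{
        ServiceCommunications = (Get-AdfsCertificate -CertificateType Service-Communications).Thumbprint
        SslBindings           = @(Get-AdfsSslCertificate | Select-Object HostName, PortNumber, CertificateHash)
    }
}

# Replace both placeholders with your own values before running.
Update-AdfsServiceCertificate -RawThumbprint 'PASTE-THUMBPRINT-HERE' -ServiceAccount 'DOMAIN\svc-adfs'
```

Run it once per federation server in the farm. The returned object is the check to keep: both ServiceCommunications and every CertificateHash in SslBindings should equal the cleaned thumbprint, and if a binding still shows the old hash the SSL step is what did not take. On a Web Application Proxy in front of the farm the equivalent binding is set separately on that host with Set-WebApplicationProxySslCertificate -Thumbprint, which this script does not cover.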