How To Update Site Certificate For ADFS Windows Server 2012

Share This:

How To Update Site Certificate For ADFS Windows Server 2012 1

If you run a Microsoft ADFS Server on Windows Server 2012, there will probably be a time when you’ll need to update your site certificate on the server. In my case, I use a wildcard certificate for my domain, for example * so that all subdomains can use the same certificate. When you update the certificate on your server, you’ll need to run some Powershell commands to ensure the new certificate is applied in all of the correct places. If you fail to run these commands and delete your old certificate, you’ll probably run into some errors like “connection reset” when visiting your ADFS site.

Installing The Certificate

If you have more than one ADFS server in your environment you will run the following procedures from the primary ADFS server. The changes will replicate to all other ADFS servers in the farm.

First, you’ll want to launch your Local Machine Certificates. Click Start and type in “certificates” and click on Manage Computer Certificates. Browse to Personal > Certificates, then click on Actions > All Tasks > Import and import your new certificate.

Open an elevated PowerShell prompt to run the following command (you’ll get a thumbprint similar to the screenshot above):

dir cert:\LocalMachine\My

Copy the thumbprint for the new SSL certificate you wish to use, then run both commands:

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint thumbprint
Set-AdfsSslCertificate -Thumbprint thumbprint

Finally, restart the ADFS Service. You don’t need to restart the whole server, just the service.

For more information, visit this Microsoft MSDN Blog post.

Share This:


Leave a Reply