Steps for Renewing ADFS Certificate

The following steps should be performed when the SSL certificate on your ADFS Server is close to expiring. The Office 365 Portal starts showing a warning about 30 days before the certificate expires.

Preliminary Steps

  1. Make sure you know the username and password for the main domain.onmicrosoft.com Administrator account
  2. Install the new certificate on the ADFS Server
  3. Make a note of its thumbprint value
  4. Bind the new certificate to the Default Web Site in IIS

PowerShell Commands

  1. Launch the “Microsoft Online Services Module for Windows PowerShell” console
  2. Run “Add-PSSnapin Microsoft.Adfs.Powershell”
  3. Run “Set-ADFSCertificate -CertificateType Service-Communications -Thumbprint ThumbPrint” where ThumbPrint is the value from Step 3 in the Preliminary Steps section
  4. Run “Update-AdfsCertificate -Urgent”
  5. Run “Connect-MsolService” and enter your Office 365 credentials from Step 1 in the Preliminary Steps section
  6. Run “Update-MsolFederatedDomain -DomainName domain.com” where domain.com is the appropriate federated domain name. Note that you may need to add the “-SupportMultipleDomain” switch, depending on how federation was initially set up

Restart Services

  1. Restart the AD FS 2.0 Windows Service
  2. Run “IISRESET” to restart IIS and its services

Test

  1. Attempt to log in with an ADFS account and verify the certificate warning is gone
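The following script is an added example, not part of the original procedure: it runs the checks an administrator would want before Step 3 of the PowerShell Commands section (certificate present in the machine store, private key attached, currently valid, thumbprint free of the stray characters that copying from the certificate MMC often introduces), then performs the PowerShell Commands and Restart Services steps only when run with -Apply. It assumes the ADFS 2.0 snap-in and the MSOnline module are installed; the service name adfssrv and the domain.com placeholder are assumptions.

```powershell
# Added example (not from the original page). Pre-flight checks and the rotation steps above.
param(
    [Parameter(Mandatory = $true)][string]$NewThumbprint,   # value from Preliminary Step 3
    [string]$DomainName = 'domain.com',                     # placeholder, replace with your federated domain
    [switch]$Apply                                          # without this switch only the checks run
)

# Thumbprints copied from the certificate MMC often carry spaces or a hidden leading character.
$thumb = ($NewThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) { throw "Thumbprint '$NewThumbprint' is not 40 hex characters after cleanup." }

# The certificate must be in the machine store with its private key and must be valid today.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "No certificate with thumbprint $thumb in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key; re-import it with the key." }
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate $thumb is not valid today (NotBefore=$($cert.NotBefore), NotAfter=$($cert.NotAfter))."
}
Write-Host "New certificate: $($cert.Subject), expires $($cert.NotAfter)"

# Compare with the certificate AD FS currently uses for service communications (Step 2 loads the snap-in).
Add-PSSnapin Microsoft.Adfs.Powershell -ErrorAction SilentlyContinue
$current = Get-ADFSCertificate -CertificateType Service-Communications
Write-Host "Current service communications thumbprint: $($current.Thumbprint)"
if ($current.Thumbprint -eq $thumb) { Write-Host 'AD FS already uses this certificate.'; return }

if (-not $Apply) { Write-Host 'Checks passed. Re-run with -Apply to perform the change.'; return }

# PowerShell Commands, Steps 3 and 4.
Set-ADFSCertificate -CertificateType Service-Communications -Thumbprint $thumb
Update-ADFSCertificate -Urgent

# PowerShell Commands, Steps 5 and 6 (Connect-MsolService prompts for the Office 365 admin credentials).
Connect-MsolService
Update-MsolFederatedDomain -DomainName $DomainName

# Restart Services section: the AD FS 2.0 Windows Service (assumed service name adfssrv) and IIS.
Restart-Service adfssrv
iisreset
```

Run it once without -Apply to confirm the checks pass, then again with -Apply; add -SupportMultipleDomain to the Update-MsolFederatedDomain line if your federation was set up that way.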