Steps for Renewing ADFS Certificate

The following steps should be performed when the SSL certificate on your ADFS Server is close to expiring. You will start to receive a warning in the Office 365 Portal about 30 days prior to expiration…

Preliminary Steps

  1. Make sure you know the username and password for the main Administrator account
  2. Install the new certificate on the ADFS Server
  3. Make a note of its thumbprint value
  4. Bind the new certificate to the Default Web Site in IIS

PowerShell Commands

  1. Launch the “Microsoft Online Services Module for Windows PowerShell” console
  2. Run “Add-PSSnapin Microsoft.Adfs.Powershell”
  3. Run “Set-ADFSCertificate -CertificateType Service-Communications -Thumbprint ThumbPrint” where ThumbPrint is the value from Step 3 in the Preliminary Steps section
  4. Run “Update-AdfsCertificate -Urgent”
  5. Run “Connect-MsolService” and enter your Office 365 credentials from Step 1 in the Preliminary Steps section
  6. Run “Update-MsolFederatedDomain -DomainName “”” where is the appropriate domain name. Note that you may need to add the “-SupportMultipleDomain” switch, depending on how things were initially set up

Restart Services

  1. Restart the AD FS 2.0 Windows Service
  2. Run “IISRESET” to restart IIS and its services


  1. Attempt to log in with an ADFS account and verify the certificate warning is gone
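
A pre-flight and post-change check for the steps above, as an added example that is not part of the original post. It assumes the new certificate was installed into the LocalMachine\My store and that the script runs in an elevated session on the ADFS server; the thumbprint value is a placeholder to replace with your own.

```powershell
# Added example, not from the original post.
# Assumption: the new certificate lives in Cert:\LocalMachine\My.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# Placeholder: paste the thumbprint noted in Step 3 of the Preliminary Steps.
$rawThumbprint = '<THUMBPRINT-FROM-PRELIMINARY-STEP-3>'

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character, so keep hex digits only before comparing.
$thumbprint = ($rawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumbprint.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($thumbprint.Length) characters."
}

# Pre-flight: the certificate must exist, have its private key, and be in date.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "Certificate $thumbprint not found in Cert:\LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key, so ADFS and IIS cannot use it."
}
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -le $now) {
    throw "Certificate is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
}
"OK to proceed: {0}, expires {1:yyyy-MM-dd}" -f $cert.Subject, $cert.NotAfter

# Post-change: after Set-ADFSCertificate has been run, confirm that ADFS
# reports the new thumbprint for the Service-Communications certificate.
$active = Get-ADFSCertificate -CertificateType Service-Communications |
    ForEach-Object { $_.Thumbprint }
if ($active -notcontains $thumbprint) {
    Write-Warning "ADFS still reports Service-Communications thumbprint(s): $($active -join ', ')"
} else {
    "ADFS Service-Communications certificate matches $thumbprint."
}
```

Run the pre-flight half before Step 3 of the PowerShell Commands section and the post-change half after it; left unedited, the placeholder fails the length check and the script stops without touching anything.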
