Steps for Renewing ADFS 3.0 Certificate

The following steps should be performed when the SSL certificate on your ADFS server is close to expiring.

Preliminary Steps

  1. Make sure you know the username and password for the main domain.onmicrosoft.com Administrator account.
  2. Install the new certificate on the ADFS Server. If you have a primary and secondary ADFS Server, make sure to install the certificate on both servers.

PowerShell Commands

  1. Launch the standard “blue” PowerShell on the ADFS Server as an Administrator.
  2. Run `Get-ChildItem -Path cert:\LocalMachine\My` to determine the certificate thumbprint. Make a note of the thumbprint value, and check that the subject and expiry date shown belong to the new certificate.
  3. Run `Set-AdfsSslCertificate -Thumbprint <Thumbprint>` where `<Thumbprint>` is the value from Step 2.
  4. Run `Update-AdfsCertificate -Urgent`.
  5. Run `Connect-MsolService` and enter your Office 365 credentials from Step 1 in the Preliminary Steps section.
  6. Run `Update-MsolFederatedDomain -DomainName "domain.com"` where domain.com is the appropriate domain name. Note that you may need to add `-SupportMultipleDomain` if you have multiple federated domains.

Restart Services

  1. Restart the “Active Directory Federation Service” service.

Test

  1. Attempt to log in with an ADFS account and verify the certificate warning is gone.
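The procedure above, collected into one script as an added example (this is not code from the original post). It selects the new certificate by subject and expiry instead of a hand-copied thumbprint, so the wrong certificate is not bound by accident; `sts.example.com` and `example.com` are placeholders for your federation service name and federated domain(s).

```powershell
# Added example: renew the ADFS 3.0 SSL certificate following the steps above.
# $hostName and $domains are placeholders; replace them with your own values.
Import-Module ADFS
$hostName = 'sts.example.com'        # placeholder: federation service name
$domains  = @('example.com')         # placeholder: federated domain(s) in Office 365

# Step 2: pick the newest unexpired certificate with a private key for the service name.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$hostName*" -and
                   $_.NotAfter -gt (Get-Date) -and
                   $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No unexpired certificate with a private key found for $hostName" }

# Show what is about to be bound so the thumbprint can be checked against subject and expiry.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Step 3: bind the certificate to the ADFS SSL endpoint.
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint

# Step 4: roll the token-signing/decrypting certificates now
# (only applies when AutoCertificateRollover is enabled on the farm).
Update-AdfsCertificate -Urgent

# Steps 5 and 6: push the new federation metadata to Office 365.
Connect-MsolService      # prompts for the onmicrosoft.com administrator credentials
$multi = $domains.Count -gt 1
foreach ($d in $domains) {
    if ($multi) { Update-MsolFederatedDomain -DomainName $d -SupportMultipleDomain }
    else        { Update-MsolFederatedDomain -DomainName $d }
}

# Restart the service, then confirm what ADFS is now presenting.
Restart-Service -Name adfssrv
Get-AdfsSslCertificate
Get-AdfsCertificate | Format-Table CertificateType, Thumbprint, IsPrimary, NotAfter
```

Run it on the primary ADFS server in an elevated PowerShell session; the final two commands let you compare the bound SSL thumbprint and the primary token-signing certificate against the values expected by Office 365.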