Steps for Renewing ADFS 3.0 Certificate

The following steps should be performed when the SSL certificate on your ADFS Server is close to expiring…

Preliminary Steps

  1. Make sure you know the username and password for the main Administrator account.
  2. Install the new certificate on the ADFS Server.  If you have a primary and secondary ADFS Server, make sure to install the certificate on both servers.

PowerShell Commands

  1. Launch the standard “blue” PowerShell on the ADFS Server as an Administrator.
  2. Run “Get-ChildItem -path cert:\LocalMachine\My” to determine the Certificate Thumbprint.  Make a note of the thumbprint value.
  3. Run “Set-AdfsSslCertificate -Thumbprint Thumbprint” where Thumbprint is the value from Step 2.
  4. Run “Update-AdfsCertificate -Urgent”.
  5. Run “Connect-MsolService” and enter your Office 365 credentials from Step 1 in the Preliminary Steps section.
  6. Run “Update-MsolFederatedDomain -DomainName <DomainName>” where <DomainName> is the appropriate domain name. Note you may need to add the “-SupportMultipleDomain” switch if you have multiple federated domains.
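
Steps 2 to 6 as one script, with checks on the certificate before it is bound and on the binding afterwards. This is an added example, not part of the original post; the parameter names are assumptions, and the thumbprint and domain name must be supplied by you.

```powershell
# Added example. Run in an elevated PowerShell session on the ADFS server.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # value noted in step 2
    [Parameter(Mandatory)] [string] $DomainName,   # federated domain for step 6
    [switch] $SupportMultipleDomain
)
$ErrorActionPreference = 'Stop'

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; keep only the hex digits.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Fails here if the certificate is not in the LocalMachine\My store.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint"

# Pre-checks: a certificate without its private key, outside its validity
# window, or without the Server Authentication EKU cannot serve the endpoint.
$now = Get-Date
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this server."
}
if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}
$ekus = @($cert.EnhancedKeyUsageList.ObjectId)
if ($ekus.Count -gt 0 -and $ekus -notcontains '1.3.6.1.5.5.7.3.1') {
    throw "Certificate does not allow Server Authentication."
}

# Step 3: bind the new SSL certificate.
Set-AdfsSslCertificate -Thumbprint $Thumbprint

# Step 4: -Urgent rolls the token-signing/decrypting certificates over
# immediately, so relying parties need the new metadata (step 6 for Office 365).
Update-AdfsCertificate -Urgent

# Confirm every SSL binding now points at the new certificate.
$stale = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $Thumbprint }
if ($stale) {
    throw "Bindings still on an old certificate: $($stale.HostName -join ', ')"
}

# Steps 5 and 6: push the updated federation settings to Office 365.
Connect-MsolService
Update-MsolFederatedDomain -DomainName $DomainName -SupportMultipleDomain:$SupportMultipleDomain
```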

Restart Services

  1. Restart the “Active Directory Federation Service” service.


  1. Attempt to log in with an ADFS account and verify the certificate warning is gone.
