The following steps should be performed when the SSL certificate on your ADFS Server is close to expiring:
- Make sure you know the username and password for the main domain.onmicrosoft.com Administrator (Global Administrator) account; it is needed later to update the federation settings in Office 365.
- Install the new certificate, including its private key, in the Local Machine Personal store on the ADFS Server. If you have a primary and secondary ADFS Server, make sure to install the certificate on both servers.
- Launch the standard “blue” PowerShell on the ADFS Server as an Administrator.
- Run “Get-ChildItem -Path cert:\LocalMachine\My” to find the new certificate and its Thumbprint. Check the Subject and NotAfter values so you pick the new certificate and not the expiring one, then make a note of the thumbprint value.
- Run “Set-AdfsSslCertificate -Thumbprint <Thumbprint>” where <Thumbprint> is the value from the previous step. On Windows Server 2012 R2 this has to be run on every ADFS Server in the farm. You can confirm the binding changed with “Get-AdfsSslCertificate”.
- Run “Update-AdfsCertificate -Urgent”. Note that this cmdlet does not touch the SSL certificate: it immediately rolls over the ADFS token-signing and token-decrypting certificates, and it only works when AutoCertificateRollover is enabled (check with “Get-AdfsProperties”). Because the old signing certificate is retired at once, Office 365 must be told about the new one in the following steps, and any other relying party that trusts the old signing certificate will fail until it receives the new federation metadata as well.
- Run “Connect-MsolService” (this requires the MSOnline PowerShell module) and enter the Office 365 Administrator credentials from the first step.
- Run “Update-MsolFederatedDomain -DomainName domain.com” where domain.com is the appropriate federated domain name. If the domain was originally federated with “-SupportMultipleDomain”, or you have more than one federated domain, add “-SupportMultipleDomain” here as well and run the cmdlet once for each federated domain. You can confirm the new token-signing certificate was accepted with “Get-MsolDomainFederationSettings -DomainName domain.com”.
- Restart the “Active Directory Federation Services” service (“Restart-Service adfssrv”) on each ADFS Server.
- Sign in with a federated account and verify that the certificate warning is gone and that the Office 365 sign-in completes.
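The whole procedure above as one script, added here as an example and not part of the original page. The federation service name, the list of federated domains and the -SupportMultipleDomain setting at the top are assumptions you need to adjust; the rest uses only the ADFS and MSOnline cmdlets named in the steps, plus Get-AdfsProperties, Get-AdfsSslCertificate, Get-AdfsCertificate and Get-MsolDomainFederationSettings to verify each change before moving on.

```powershell
#Requires -RunAsAdministrator
# Example script (not from the original page). Run in Windows PowerShell on the
# primary ADFS Server after the new certificate (with private key) is installed.
$FederationServiceName = 'adfs.domain.com'   # ASSUMED: check (Get-AdfsProperties).HostName
$FederatedDomains      = @('domain.com')      # ASSUMED: list with Get-MsolDomain | ? Authentication -eq Federated
$UseMultipleDomain     = $false               # ASSUMED: $true if federated with -SupportMultipleDomain

Import-Module ADFS
Import-Module MSOnline

# 1. Pick the newest unexpired certificate for the service name that has a
#    private key (DnsNameList covers SAN entries, so a SAN cert also matches).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.DnsNameList.Unicode -contains $FederationServiceName)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No unexpired certificate with a private key for $FederationServiceName found." }
Write-Host "Using thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"

# 2. Bind it as the ADFS SSL certificate and verify the binding really changed.
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint
$bound = Get-AdfsSslCertificate | Where-Object HostName -eq $FederationServiceName
if ($bound.CertificateHash -ne $cert.Thumbprint) { throw 'SSL binding did not update.' }

# 3. Roll the token-signing/decrypting certificates only if ADFS manages them
#    itself; Update-AdfsCertificate -Urgent fails otherwise, and rolling them
#    breaks every relying party until it receives the new metadata.
if ((Get-AdfsProperties).AutoCertificateRollover) {
    Update-AdfsCertificate -Urgent
    $signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
    Write-Host "New primary token-signing certificate: $($signing.Thumbprint)"
} else {
    Write-Warning 'AutoCertificateRollover is disabled; token-signing certificates are managed manually and were not rolled.'
    $signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
}

# 4. Push the new federation metadata to Office 365 and confirm that the signing
#    certificate Office 365 now trusts is the one ADFS is actually using.
Connect-MsolService
foreach ($d in $FederatedDomains) {
    if ($UseMultipleDomain) { Update-MsolFederatedDomain -DomainName $d -SupportMultipleDomain }
    else                    { Update-MsolFederatedDomain -DomainName $d }

    $fed    = Get-MsolDomainFederationSettings -DomainName $d
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                  (,[Convert]::FromBase64String($fed.SigningCertificate))
    if ($remote.Thumbprint -ne $signing.Thumbprint) {
        throw "Office 365 still trusts $($remote.Thumbprint) for $d, but ADFS signs with $($signing.Thumbprint)."
    }
    Write-Host "$d trusts the current token-signing certificate $($remote.Thumbprint)"
}

# 5. Restart the service so the new SSL binding is in use, then show its state.
Restart-Service adfssrv
Get-Service adfssrv
```

Run it on the primary ADFS Server first; on Windows Server 2012 R2 repeat steps 1 and 2 (the certificate lookup and Set-AdfsSslCertificate) plus the service restart on the secondary, and skip the Update-AdfsCertificate and MSOnline steps there, since the signing certificates and the Office 365 trust are farm-wide and only need updating once. If the script stops at the thumbprint comparison in step 4, the federation trust in Office 365 does not match the ADFS signing certificate and federated sign-ins will fail until Update-MsolFederatedDomain succeeds.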