Updating the SSL certificate
Active Directory Federation Services (AD FS) 3.0 is a server role included in Windows Server 2012 R2, and AD FS 4.0 is a server role included in Windows Server 2016. I use a DigiCert multi-domain cert for my AD FS server in my EMS lab. It's only a one-year cert, so I had to replace it for the first time today and thought I'd document the process. One thing to be sure of: it may have been a while since you updated your cert, and if you've enabled workplace join you need a multi-domain cert so that you can add an alternative name to your certificate.

Normally the SSL certificate for the AD FS farm comes from a trusted third-party CA, like DigiCert or Verisign. This is a traditional SSL cert like you would use in IIS for any secure web server. You might run into what I did, which is what was messing me up and prompted me to write this article. For some reason, when I issued the Get-AdfsSslCertificate command it still showed my OLD certificate, not the new one that I had just set in the service communications certificate step above. I used the MMC console to open the certificate store on my AD FS server and export the PFX with the private key (make sure you do that!) so that I could import that certificate on my WAP server. For whatever reason that didn't work for me, so I just removed and reinstalled the WAP feature.
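The following check script is an added example, not code from the original post: it catches the mismatch described above (the SSL binding still pointing at the old thumbprint while the service communications certificate is already the new one), confirms the certificate in the machine store carries its private key before you export the PFX for the WAP, and verifies the alternative names. The UPN suffix value and the -Fix switch are my assumptions; the device-registration name enterpriseregistration.<UPN suffix> comes from Microsoft's workplace-join requirements, not from this post.

```powershell
# Assumed: run in an elevated PowerShell on the AD FS server with the ADFS module installed.
param(
    [string]$UpnSuffix = 'contoso.com',   # constructed example; the suffix your users sign in with
    [switch]$Fix                          # rebind SSL to the new service-communications thumbprint
)
Import-Module ADFS -ErrorAction Stop

$fsName  = (Get-AdfsProperties).HostName
$svcCert = Get-AdfsCertificate -CertificateType Service-Communications | Where-Object IsPrimary
$wanted  = $svcCert.Thumbprint

# 1. Is the HTTPS binding still on the OLD thumbprint? (the symptom described above)
$stale = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $wanted }
if ($stale) {
    $stale | ForEach-Object {
        Write-Warning "Binding $($_.HostName):$($_.PortNumber) uses $($_.CertificateHash), expected $wanted"
    }
    if ($Fix) {
        # Rebind on this node; the service must restart for the new binding to take effect
        Set-AdfsSslCertificate -Thumbprint $wanted
        Restart-Service adfssrv
    }
} else {
    "SSL bindings already use $wanted"
}

# 2. Checks on the certificate object itself in the machine store
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $wanted
if (-not $cert) { throw "Thumbprint $wanted not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) {
    Write-Warning "No private key present: the PFX export for the WAP must include the key"
}
$daysLeft = ($cert.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) { Write-Warning "Certificate expires in $daysLeft days ($($cert.NotAfter))" }

# 3. SAN coverage: the federation service name plus the workplace-join (device registration) name
$sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode.ToLowerInvariant() })
foreach ($name in @($fsName, "enterpriseregistration.$UpnSuffix")) {
    if ($sans -notcontains $name.ToLowerInvariant()) { Write-Warning "SAN missing: $name" }
    else { "SAN present: $name" }
}
```

Run it on every AD FS node, since Set-AdfsSslCertificate only changes the local binding; the WAP keeps its own binding, which is updated with Set-WebApplicationProxySslCertificate after importing the PFX there.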