0 Votes
DaveKwas asked DaveKwas answered

Setting new SSL certificate on ADFS/WAP environment - Get-adfsCertificate shows old service-communication thumbprint

I'm updating the SSL cert on my ADFS/WAP build and unsure if what I'm seeing is typical behaviour. I'm using the following two commands to update the certificate:

Set-AdfsSslCertificate -Thumbprint 'CKJHASFD87Y98729I4UQHKJHAWFD98ASDF'
Set-AdfsAlternateTlsClientBinding -Thumbprint 'CKJHASFD87Y98729I4UQHKJHAWFD98ASDF'

Restarting the ADFS service

Running Get-AdfsSslCertificate shows all ports using the new thumbprint.
Running Get-AdfsCertificate shows that the Service-Communications certificate thumbprint is still the old one.

I've noted on a blog that Set-AdfsSslCertificate is the one I should be using rather than Set-AdfsCertificate, but on looking up the details for Set-AdfsCertificate it shows how I can specify the CertificateType as Service-Communications, so I'm unsure if I've just missed that step.

Any advice on the process?

adfs
0 Votes
piaudonn answered

You need to run both: Set-AdfsSslCertificate and Set-AdfsCertificate -CertificateType "Service-Communications".
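
The commands from the question and this answer combined with a pre-check and a verification step, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on the AD FS server with the new certificate already imported into LocalMachine\My; the script parameter and variable names are illustrative.

```powershell
# Added example (not from the original thread). Pass the new certificate's thumbprint.
param([Parameter(Mandatory)][string]$Thumbprint)

# Thumbprints copied from the certificate dialog often carry spaces or hidden
# characters; keep only the hex digits.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Pre-check: the certificate must be in the machine store, have a private key, and be valid.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey)      { throw "Certificate $Thumbprint has no private key on this server." }
if ($cert.NotAfter -le (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)." }

# 1. TLS bindings: this is what Get-AdfsSslCertificate reports.
Set-AdfsSslCertificate -Thumbprint $Thumbprint
Set-AdfsAlternateTlsClientBinding -Thumbprint $Thumbprint

# 2. Service-Communications certificate: this is what Get-AdfsCertificate reports.
#    Updating the bindings in step 1 does not change it.
Set-AdfsCertificate -CertificateType 'Service-Communications' -Thumbprint $Thumbprint

Restart-Service -Name adfssrv

# Verify both views now agree on the new thumbprint (-ne is case-insensitive).
$staleBindings = @(Get-AdfsSslCertificate |
    Where-Object { $_.CertificateHash -ne $Thumbprint })
$staleSvcComm  = @(Get-AdfsCertificate -CertificateType 'Service-Communications' |
    Where-Object { $_.Thumbprint -ne $Thumbprint })

if ($staleBindings.Count -gt 0) {
    $staleBindings | Format-Table HostName, PortNumber, CertificateHash
    throw 'Some TLS bindings still use a different certificate.'
}
if ($staleSvcComm.Count -gt 0) {
    throw "Service-Communications still reports $($staleSvcComm[0].Thumbprint)."
}
Write-Output "TLS bindings and Service-Communications both use $Thumbprint."
```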

1 Vote
DaveKwas answered

Many thanks for that.

I ended up just trying a few things, as they are VMs so I could restore every time something didn't work. Turns out there were a bunch of things which I wasn't aware of, based on info I was given from someone else at work. Various things have forced me to dig deeper into documentation myself, so it's been an interesting task. After working yesterday afternoon I'm left with 2 ADFS servers and 2 WAP servers, all communicating as expected, right certificates and up to the latest behaviour level.