Add-AdfsCertificate
Adds a new certificate to AD FS for signing, decrypting, or securing communications.
Syntax
Add-AdfsCertificate
-CertificateType <String>
-Thumbprint <String>
[-IsPrimary]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Add-AdfsCertificate cmdlet adds a new certificate to Active Directory Federation Services (AD FS) for token signing, token decrypting, card signing, or securing communications.
Examples
Example 1: Add a token-signing certificate
PS C:\> Add-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint "fedd995b45e633d4ef30fcbc8f3a48b627e9a28b"This command adds a token-signing certificate with the thumbprint fedd995b45e633d4ef30fcbc8f3a48b627e9a28b.
Parameters
-CertificateType
Specifies the type and purpose of the certificate. The acceptable values for this parameter are:
| Type: | String |
| Accepted values: | Token-Decrypting, Token-Signing |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsPrimary
Indicates that the certificate is primary or not. Primary token-signing certificates are used to digitally sign outgoing claims. Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. Service communications certificates are always primary certificates.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the certificate to use.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
A string object is received by the Thumbprint parameter.
Outputs
Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate
Returns the new ServiceCertificate object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.
Notes
- Active Directory Federation Services (AD FS) uses certificates for issuing and receiving tokens, publishing federation metadata, and communication through Secure Sockets Layer (SSL).