Set-AdfsCertificate
Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications.
Syntax
Set-AdfsCertificate
-CertificateType <String>
-Thumbprint <String>
[-IsPrimary]
[-PassThru]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Set-AdfsCertificate cmdlet sets the properties of an existing certificate that Active Directory Federation Services (AD FS) uses to sign, decrypt, or secure communications.
Examples
Example 1: Set a certificate
PS C:\> Set-AdfsCertificate -IsPrimary -CertificateType "Token-Signing" -Thumbprint "fedd995b45e633d4ef30fcbc8f3a48b627e9a28b"This command sets the primary token-signing certificate.
Parameters
-CertificateType
Specifies the certificate type (that is, how the Federation Service uses the certificate). The acceptable values for this parameter are:
- Service-Communications
- Token-Decrypting
- Token-Signing
| Type: | String |
| Accepted values: | Service-Communications, Token-Decrypting, Token-Signing |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsPrimary
Indicates that the certificate is primary. Primary token-signing certificates are used to digitally sign outgoing claims. Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. Information Card signing and service communications certificates are always primary.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Thumbprint
Specifies the thumbprint of the certificate to use.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
A String object is received by the Thumbprint parameter.
Outputs
Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate
Returns the updated ServiceCertificate object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.
Notes
- Use the Set-AdfsRelyingPartyTrust or Set-AdfsClaimsProviderTrust cmdlets, as appropriate, to modify the certificates that are associated with a relying party or a claims provider.