Set-AdfsAlternateTlsClientBinding
Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication.
Syntax
Set-AdfsAlternateTlsClientBinding
[-Thumbprint <String>]
[-Member <String[]>]
[-Force <Boolean>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AdfsAlternateTlsClientBinding cmdlet configures an existing AD FS deployment to use the same port (443) for both device certificate and client certificate authentication (client TLS).
The cmdlet creates an endpoint for user certificate authentication on certauth.<federation service name>, such as certauth.contoso.com.
To change the deployment back to one in which user certificate authentication uses a non-standard port, use the Set-AdfsSslCertificate cmdlet with a new certificate that does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>.
The Install-AdfsFarm cmdlet configures client TLS on port 49443 if the SSL certificate does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>, such as certauth.contoso.com.
Use Set-AdfsAlternateTlsClientBinding with a new certificate that contains the SAN entry. It will configure AD FS to use port 443 for client TLS.
Examples
Example 1: Configure a deployment
PS C:\> Set-AdfsAlternateTlsClientBinding -Member "ADFSServer1.contoso.com" -Thumbprint "c67e1ffba186d70c7e00c89596e0cb5645f9874a"
This command configures a deployment to use the same port for device certificate authentication and user certificate authentication. In this example, the certificate that has the specified thumbprint contains a SAN for certauth.contoso.com.
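The following pre-flight check is an added example, not part of the original cmdlet documentation. It confirms that the new certificate carries the certauth.<federation service name> SAN before the binding is changed, then previews the change with -WhatIf. The function name Test-CertAuthSan and the thumbprint placeholder are assumptions; the certificate is assumed to be installed in the LocalMachine\My store of the AD FS server.

```powershell
# Added example. Run in an elevated session on an AD FS server.
$thumbprint = '<THUMBPRINT-OF-NEW-SSL-CERTIFICATE>'   # placeholder, replace with your value

function Test-CertAuthSan {
    # Hypothetical helper: returns $true only if the certificate has a SAN
    # DNS entry that exactly matches certauth.<federation service name>.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)]
        [string] $FederationServiceName
    )
    $expected = "certauth.$FederationServiceName"

    # Require a real SAN extension (OID 2.5.29.17). DnsNameList falls back to
    # the Subject when no SAN is present, which must not count as a match.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return $false }

    # -contains is case-insensitive; wildcard entries are not treated as a match here.
    $names = $Certificate.DnsNameList | ForEach-Object { $_.Unicode }
    return ($names -contains $expected)
}

$fsName = (Get-AdfsProperties).HostName
$cert   = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key on this server."
}
if ($cert.NotAfter -lt (Get-Date) -or $cert.NotBefore -gt (Get-Date)) {
    throw "Certificate $thumbprint is outside its validity period."
}
if (-not (Test-CertAuthSan -Certificate $cert -FederationServiceName $fsName)) {
    throw "Certificate $thumbprint has no SAN for certauth.$fsName."
}

# Preview only: -WhatIf shows what would happen without running the cmdlet.
Set-AdfsAlternateTlsClientBinding -Thumbprint $thumbprint -WhatIf

# After running the cmdlet for real (without -WhatIf), review the resulting bindings.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash
```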
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Member
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Thumbprint
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |