Set-AdfsCertificate

Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications.

Syntax

Set-AdfsCertificate
   -CertificateType <String>
   -Thumbprint <String>
   [-IsPrimary]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AdfsCertificate cmdlet sets the properties of an existing certificate that Active Directory Federation Services (AD FS) uses to sign, decrypt, or secure communications.

Examples

Example 1: Set a certificate

PS C:\> Set-AdfsCertificate -IsPrimary -CertificateType "Token-Signing" -Thumbprint "fedd995b45e633d4ef30fcbc8f3a48b627e9a28b"

This command sets the primary token-signing certificate.
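
A guarded wrapper around the command in Example 1, as an added example that is not part of the original documentation. It normalizes the thumbprint, uses Get-AdfsCertificate to confirm that the certificate is already registered for that type and within its validity period, and honors -WhatIf and -Confirm. The function name Set-AdfsPrimaryCertificateSafely is hypothetical.

```powershell
# Added example, not from the original page. The function name is hypothetical.
function Set-AdfsPrimaryCertificateSafely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Service-Communications', 'Token-Decrypting', 'Token-Signing')]
        [string]$CertificateType,

        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    # Strip everything that is not a hex digit: spaces and invisible characters
    # (such as U+200E) that can come along when a thumbprint is copied from a GUI.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) hex characters."
    }

    # Set-AdfsCertificate only changes an existing AD FS certificate, so the
    # thumbprint must already be registered for this certificate type.
    $target = Get-AdfsCertificate -CertificateType $CertificateType |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $target) {
        throw "No $CertificateType certificate with thumbprint $clean is registered in AD FS."
    }

    # Refuse to promote a certificate that is expired or not yet valid.
    $now = Get-Date
    if ($now -lt $target.Certificate.NotBefore -or $now -gt $target.Certificate.NotAfter) {
        throw "Certificate $clean is outside its validity period."
    }

    if ($target.IsPrimary) {
        Write-Verbose "Certificate $clean is already primary; nothing to change."
        return $target
    }

    # -WhatIf and -Confirm passed to this function are evaluated by ShouldProcess.
    if ($PSCmdlet.ShouldProcess("$CertificateType $clean", 'Set as primary')) {
        Set-AdfsCertificate -CertificateType $CertificateType -Thumbprint $clean -IsPrimary -PassThru
    }
}

# Dry run with the thumbprint from Example 1; drop -WhatIf to apply the change.
Set-AdfsPrimaryCertificateSafely -CertificateType 'Token-Signing' -Thumbprint 'fedd995b45e633d4ef30fcbc8f3a48b627e9a28b' -WhatIf
```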

Parameters

-CertificateType

Specifies the certificate type (that is, how the Federation Service uses the certificate). The acceptable values for this parameter are:

  • Service-Communications
  • Token-Decrypting
  • Token-Signing

Type: String
Accepted values: Service-Communications, Token-Decrypting, Token-Signing
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-IsPrimary

Indicates that the certificate is primary. Primary token-signing certificates are used to digitally sign outgoing claims. Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. Information Card signing and service communications certificates are always primary.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Thumbprint

Specifies the thumbprint of the certificate to use.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

String

A String object is received by the Thumbprint parameter.

Outputs

Microsoft.IdentityServer.PowerShell.Resources.ServiceCertificate

Returns the updated ServiceCertificate object when the PassThru parameter is specified. By default, this cmdlet does not generate any output.

Notes

  • Use the Set-AdfsRelyingPartyTrust or Set-AdfsClaimsProviderTrust cmdlets, as appropriate, to modify the certificates that are associated with a relying party or a claims provider.