Set-AdfsSslCertificate
Sets an SSL certificate for HTTPS bindings for AD FS.
Syntax
Default (Default)
Set-AdfsSslCertificate
-Thumbprint <String>
[-Force <Boolean>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AdfsSslCertificate cmdlet sets an SSL certificate for HTTPS bindings for Active Directory Federation Services (AD FS). Use this cmdlet to change the SSL certificate associated with the AD FS service. On Server 2016, this is a multi-node commandlet, meaning it only has to run on the primary and all nodes in the farm will be updated. On Server 2012R2, run the command on each ADFS server in the ADFS farm.
Use this cmdlet to change the deployment from one in which both user certificate authentication and device certificate authentication use port 443, to one in which user certificate authentication uses a non-standard port.
Specify a new certificate that does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>, as in certauth.contoso.com.
Examples
Example 1: Set a certificate
PS C:\> Set-AdfsSslCertificate -Thumbprint "FC85DDB0FC58E63D8CB52654F22E4BE7900FE349"
This command sets the specified certificate for HTTPS bindings for AD FS.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Force
The Set-AdfsSslCertificate cmdlet sets an SSL certificate for HTTPS bindings for Active Directory Federation Services (AD FS). Use this cmdlet to change the SSL certificate associated with the AD FS service. On Server 2016, this is a multi-node commandlet, meaning it only has to run on the primary and all nodes in the farm will be updated. On Server 2012R2, run the command on each ADFS server in the ADFS farm.
Use this cmdlet to change the deployment from one in which both user certificate authentication and device certificate authentication use port 443, to one in which user certificate authentication uses a non-standard port.
Specify a new certificate that does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>, as in certauth.contoso.com.
Parameter properties
| Type: | Boolean |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Thumbprint
Specifies the thumbprint of a certificate. The thumbprint that you specify corresponds to the certificate installed on the federation server in the local store.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.