...
- Copy the certificates to all ADFS servers in the farm and import them.
# Set once; the DNS name is reused in the PFX file names below
$ADFSDnsName = "[ADFS DNS Name]"
# Encryption Certificate
$encryptionPassword = Read-Host "Type the password for the encryption PFX file" -AsSecureString
Import-PfxCertificate -FilePath "C:\encryption.$ADFSDnsName.pfx" -Exportable:$true -Password $encryptionPassword -CertStoreLocation "cert:\LocalMachine\My"
# Signing Certificate
$signingPassword = Read-Host "Type the password for the signing PFX file" -AsSecureString
Import-PfxCertificate -FilePath "C:\signing.$ADFSDnsName.pfx" -Exportable:$true -Password $signingPassword -CertStoreLocation "cert:\LocalMachine\My"
Step 1 : Add Certificates to ADFS
- Token-Signing
# Add the -IsPrimary switch to make this certificate the primary one
Set-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint "thumbprint of signing cert"
- Token-Decrypting
# Add the -IsPrimary switch to make this certificate the primary one
Set-AdfsCertificate -CertificateType "Token-Decrypting" -Thumbprint "thumbprint of decrypting cert"
Step 2 : Upload new Metadata
...
Step 3 : Wait for the ADFS to switch signing cert internally
In the output of the Get-AdfsProperties command, check the value of CertificateCriticalThreshold. The default setting is 2, which means that ADFS will switch the certificates two days before their expiration date whether you want it to or not. Can you write something good on how to see this?
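As an added example (not part of the original notes), the following script reports each ADFS token certificate with its expiry, the configured CertificateCriticalThreshold and AutoCertificateRollover values, and the latest date at which the automatic switch would occur. It assumes it is run on an ADFS server with the ADFS module available; the function name Get-AdfsCertificateRolloverStatus is made up for this example.

```powershell
# Added example: check when ADFS will switch token certificates on its own.
# Assumes the ADFS PowerShell module is present on the server.
Import-Module ADFS

function Get-AdfsCertificateRolloverStatus {
    $props     = Get-AdfsProperties
    $threshold = [int]$props.CertificateCriticalThreshold   # days before expiry
    $now       = Get-Date

    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        foreach ($entry in (Get-AdfsCertificate -CertificateType $type)) {
            $cert = $entry.Certificate
            [pscustomobject]@{
                Type                 = $type
                IsPrimary            = $entry.IsPrimary
                Thumbprint           = $entry.Thumbprint
                NotAfter             = $cert.NotAfter
                DaysLeft             = [math]::Floor(($cert.NotAfter - $now).TotalDays)
                # Date on which ADFS would promote the secondary certificate
                AutoSwitchNoLaterThan = $cert.NotAfter.AddDays(-$threshold)
                AutoRolloverEnabled  = $props.AutoCertificateRollover
                CriticalThresholdDays = $threshold
            }
        }
    }
}

# Show the status and warn if any certificate is already inside the threshold window
$status = Get-AdfsCertificateRolloverStatus
$status | Format-Table Type, IsPrimary, Thumbprint, NotAfter, DaysLeft, AutoSwitchNoLaterThan -AutoSize

foreach ($s in $status) {
    if ($s.DaysLeft -le $s.CriticalThresholdDays) {
        Write-Warning "$($s.Type) certificate $($s.Thumbprint) is within the $($s.CriticalThresholdDays)-day threshold; ADFS may switch it automatically."
    }
}
```

Run this before and after Step 1 to confirm the new certificate is listed as secondary and to see how much time remains before the switch.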
Step 4 : Upload new Metadata again
...