...

  • Copy the certificates to all ADFS servers in the farm and import them into the local machine store. The ADFS service account must have read access to the private key of both certificates on every server, otherwise the service cannot sign or decrypt tokens with them.
# DNS name of the ADFS farm; used to build the PFX file names below
$ADFSDnsName = "[ADFS DNS Name]"

# Encryption (Token-Decrypting) certificate
$encryptionPassword = Read-Host "Type the password that was set when the encryption PFX file was exported" -AsSecureString
Import-PfxCertificate -FilePath "C:\encryption.$ADFSDnsName.pfx" -Exportable:$true -Password $encryptionPassword -CertStoreLocation "cert:\LocalMachine\My"

# Signing (Token-Signing) certificate
$signingPassword = Read-Host "Type the password that was set when the signing PFX file was exported" -AsSecureString
Import-PfxCertificate -FilePath "C:\signing.$ADFSDnsName.pfx" -Exportable:$true -Password $signingPassword -CertStoreLocation "cert:\LocalMachine\My"



Step 1 : Add

...

Certificates to ADFS

  • Token-Signing (the certificate is added as a secondary certificate; add the -IsPrimary switch to make it the primary certificate immediately)
# Set-AdfsCertificate refuses to run while automatic rollover is enabled; disable it first with
# Set-AdfsProperties -AutoCertificateRollover $false
Set-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint "<thumbprint of signing cert>"   # append -IsPrimary to promote it now
  • Token-Decrypting
Set-AdfsCertificate -CertificateType "Token-Decrypting" -Thumbprint "<thumbprint of decrypting cert>"   # append -IsPrimary to promote it now

Step 2 : Upload new Metadata

...

Step 3 : Wait for the ADFS to switch signing cert internally

Get-AdfsProperties shows the value of CertificateCriticalThreshold. The default is 2, which means that when automatic certificate rollover is enabled (AutoCertificateRollover is $true) ADFS generates a new certificate and makes it primary immediately once the current primary certificate is within two days of its expiration date, whether you want it to or not. The related CertificatePromotionThreshold (default 5) is the number of days ADFS waits after generating a new secondary certificate before promoting it to primary. If automatic rollover is disabled, ADFS does not switch on its own; the new certificate stays secondary until it is promoted manually with Set-AdfsCertificate -IsPrimary.

Could you write something good on how to see this?
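The following PowerShell is an added example, not code from the original page: it shows the rollover settings and the Token-Signing certificates (which one is primary and when each expires), and then polls until a given thumbprint has become the primary signing certificate, so the second metadata upload is not done too early. $NewSigningThumbprint is a placeholder; the Wait-AdfsPrimarySigningCert function name is this example's own.

```powershell
# Added example (not part of the original page). Run on an ADFS server as a user
# with ADFS administration rights.
Import-Module ADFS

# Placeholder: replace with the thumbprint of the signing certificate imported above.
$NewSigningThumbprint = "<thumbprint of signing cert>"

# The properties that control automatic rollover. CertificateCriticalThreshold and
# CertificatePromotionThreshold only take effect when AutoCertificateRollover is $true.
Get-AdfsProperties |
    Select-Object AutoCertificateRollover,
                  CertificateGenerationThreshold,
                  CertificatePromotionThreshold,
                  CertificateCriticalThreshold

# Token-Signing certificates known to ADFS, with validity period and primary flag.
function Get-AdfsSigningStatus {
    Get-AdfsCertificate -CertificateType Token-Signing |
        Select-Object IsPrimary,
                      Thumbprint,
                      @{ Name = 'NotBefore'; Expression = { $_.Certificate.NotBefore } },
                      @{ Name = 'NotAfter';  Expression = { $_.Certificate.NotAfter } }
}

Get-AdfsSigningStatus | Format-Table -AutoSize

# Poll until the expected thumbprint is the primary Token-Signing certificate or the
# timeout elapses. Returns $true on success, $false on timeout.
function Wait-AdfsPrimarySigningCert {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [int] $TimeoutMinutes = 60,
        [int] $PollSeconds = 60
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $primary = Get-AdfsCertificate -CertificateType Token-Signing |
            Where-Object { $_.IsPrimary }
        # -eq is case-insensitive, so upper/lower-case thumbprints compare equal
        if ($primary.Thumbprint -eq $Thumbprint) {
            Write-Host "Primary Token-Signing certificate is now $Thumbprint"
            return $true
        }
        Write-Host ("Primary is still {0}; checking again in {1}s" -f $primary.Thumbprint, $PollSeconds)
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    Write-Warning "Timed out waiting for $Thumbprint to become the primary Token-Signing certificate"
    return $false
}

Wait-AdfsPrimarySigningCert -Thumbprint $NewSigningThumbprint
```

If AutoCertificateRollover is $false the poll will only succeed after you promote the certificate yourself with Set-AdfsCertificate -IsPrimary; the wait is then a confirmation that every server in the farm reports the new primary before the metadata is uploaded again.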

Step 4 : Upload new Metadata again

...