SSL Certificate Renewal

If your communication with another app is encrypted with a certificate from a trusted third-party CA, the maximum validity of that certificate is 397 days, so you have to do this job every year:

Renew the cert with your CA, such as DigiCert.

  1. Export the cert file in cer format with the private key.
  2. Copy the cert file to the AD FS server, open MMC.exe, then Add snap-in > Certificates > Computer account > Local computer.
  3. Import the cert file to Certificates (Local Computer) > Personal > Certificates.
  4. Double-click the imported cert, go to the Details tab, select Show <All>, and find the thumbprint. Copy the thumbprint to a text file without spaces in the middle, something like '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'.
  5. On the AD FS server, run PowerShell with administrator privileges.
  6. Use the following cmdlet to install the new SSL certificate:

Set-AdfsSslCertificate -Thumbprint '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'

  7. Go to the AD FS Management console and expand Service > Certificates. In the right pane, click Set Service Communication Certificate…
  8. Choose the certificate you imported and click OK.
  9. Restart the AD FS services.
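
A pre-flight check for the thumbprint and import steps, added here as an example and not part of the original page: it strips stray characters from the copied thumbprint, confirms the certificate is in the local computer's Personal store with its private key and inside its validity period, and only then runs the cmdlet shown above. The thumbprint is the sample value from this page; the 30-day warning threshold is an assumption.

```powershell
# Added example: validate the imported certificate before binding it to AD FS.
# Run in an elevated PowerShell session on the AD FS server.
$raw = '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'   # sample thumbprint from this page

# Copying from the certificate dialog can bring along spaces or invisible
# characters; keep only hex digits and normalise to upper case.
$thumb = ($raw -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Thumbprint has $($thumb.Length) hex characters, expected 40."
}

# The certificate must be in the local computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    throw "No certificate with thumbprint $thumb in Cert:\LocalMachine\My."
}

# A certificate without its private key cannot be used for the HTTPS binding.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb was imported without its private key."
}

# Refuse a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Report the remaining lifetime so the next renewal can be scheduled.
$daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
"{0} expires {1:yyyy-MM-dd} ({2} days left)" -f $cert.Subject, $cert.NotAfter, $daysLeft
if ($daysLeft -lt 30) {   # assumed threshold
    Write-Warning "Less than 30 days of validity left; is this the renewed certificate?"
}

# All checks passed: install the SSL certificate with the cleaned thumbprint.
Set-AdfsSslCertificate -Thumbprint $thumb

# Confirm that the bindings now reference the new thumbprint.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash
```

The remaining console steps (setting the service communication certificate and restarting the service) follow as described on the page.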