SSL Certificate Renewal
If your communication with another application is encrypted with a certificate from a trusted third-party CA, the maximum validity of that certificate is 397 days, so you have to do this job every year:
- Renew the cert from your CA, like DigiCert.
- Export the cert file in cer format with the private key.
- Copy the cert file to the AD FS server, open MMC.exe, and choose Add snap-in > Certificates > Computer account > Local computer.
- Import the cert file into Certificates (Local Computer) > Personal > Certificates.
- Double-click the imported cert, go to the Details tab, select Show <All>, and find the thumbprint. Copy the thumbprint to a text file without any spaces in the middle, something like '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'.
- On the AD FS server, run PowerShell with administrator privileges.
- Use the following cmdlet to install the new SSL certificate:
  Set-AdfsSslCertificate -Thumbprint '7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8'
- Go to the AD FS Management console and expand Service > Certificates. In the right pane, click Set Service Communication Certificate…
- Choose the certificate you imported and click OK.
- Restart the AD FS services.
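
The steps from the thumbprint onward can also be scripted. The following is an added example, not part of the original page: it cleans up a thumbprint pasted from MMC, checks that the imported certificate has a private key and is within its validity period, and only then applies it. The parameter name $PastedThumbprint is an assumption, and its default is this page's sample thumbprint written with spaces.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the steps above, run on the AD FS server.
# $PastedThumbprint is a hypothetical parameter; the default is the sample
# thumbprint from this page, written with spaces as MMC may display it.
param(
    [string]$PastedThumbprint = '75 03 ff b9 da 7e e6 49 71 e5 0a 37 fb e1 b5 3d d7 ee ee f8'
)

# Text copied from the MMC Details tab can carry spaces and invisible
# characters, so keep only hex digits and require the SHA-1 length of 40.
$thumbprint = ($PastedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Thumbprint has $($thumbprint.Length) hex characters, expected 40."
}

# The certificate must already be in Certificates (Local Computer) > Personal.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop

# AD FS cannot serve TLS with a certificate whose private key is missing.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in the store."
}

# Refuse a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($cert.NotBefore -gt $now -or $cert.NotAfter -le $now) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
"Using $($cert.Subject), valid until $($cert.NotAfter)"

# Bind the certificate to the AD FS HTTPS listener.
Set-AdfsSslCertificate -Thumbprint $thumbprint

# Scripted equivalent of "Set Service Communication Certificate" in the console.
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumbprint

# Restart AD FS (service name adfssrv), then show the resulting bindings.
Restart-Service -Name adfssrv
Get-AdfsSslCertificate
```

The final Get-AdfsSslCertificate call lists the certificate hash bound to each host name and port, so you can confirm the new thumbprint is the one in use.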