Change ADFS TLS Certificate

There are different ways to get this wrong.

The Problem

We need to change a TLS certificate that is used by ADFS to a new one.

The Solution

First of all, import your new TLS certificate and private key.

Open a command prompt (CMD) as administrator and execute the following command (where lisenet.com.pfx is the file we want to import):

certutil -importpfx lisenet.com.pfx AT_KEYEXCHANGE

Make sure to provide the password used to protect the PFX file. Because the command runs elevated, the certificate and its private key land in the Local Computer Personal store, which is where ADFS expects them. The ADFS service account must have read access to the private key, and the certificate has to be imported on every federation server in the farm.

Open PowerShell as administrator and execute the following command. AutoCertificateRollover governs the automatically generated token-signing and token-decrypting certificates, not the SSL certificate, so this step is a precaution rather than a requirement for the SSL change:

Set-ADFSProperties -AutoCertificateRollover $false

Find the new certificate's thumbprint. It is shown in the Details tab of the certificate in the Certificates MMC snap-in (Local Computer, Personal store); remove any spaces before using it in the command below.

Set ADFS certificate using the thumbprint:

Set-AdfsSslCertificate -Thumbprint 881654f591f8bf73359524f46008e20509df08a5

Undo the previous change and restart the ADFS service so the new binding is picked up:

Set-ADFSProperties -AutoCertificateRollover $true
Restart-Service ADFSSRV

Afterwards, Get-AdfsSslCertificate should list the new thumbprint for each HTTPS binding.
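The steps above, carried out end to end in one PowerShell session, as an added example that is not part of the original post. It imports the PFX with Import-PfxCertificate instead of certutil, checks that the private key is present and that the certificate chains and matches the federation service name before the binding is touched, and confirms the new thumbprint afterwards. The PFX path, the federation service name and the choice to prompt for the password are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumed values:
$PfxPath  = 'C:\certs\lisenet.com.pfx'   # assumed path to the new certificate + private key
$DnsName  = 'adfs.lisenet.com'           # assumed federation service name (must be in the cert's SAN)
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# 1. Import into the Local Computer Personal store, the same store an elevated
#    "certutil -importpfx" writes to and the one ADFS reads from.
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation 'Cert:\LocalMachine\My' `
                              -Password $PfxPassword

# 2. Pre-flight checks: a binding with a key-less or mismatched certificate
#    takes the federation service down until it is reverted.
if (-not $cert.HasPrivateKey) {
    throw "Imported certificate has no private key; re-export the PFX including the key."
}
if ($cert.DnsNameList.Unicode -notcontains $DnsName) {
    throw "Certificate does not cover $DnsName (SANs: $($cert.DnsNameList.Unicode -join ', '))."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter); you will be doing this again soon."
}
# Build the chain on this host as an SSL server certificate for the service name.
if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $DnsName -ErrorAction SilentlyContinue)) {
    throw 'Certificate chain does not validate on this server; install the intermediate/root first.'
}

# 3. Compare with the thumbprint currently bound so a no-op is obvious.
$currentHash = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
if ($currentHash -eq $cert.Thumbprint) {
    Write-Host 'This certificate is already bound; nothing to do.'
    return
}
Write-Host "Replacing $currentHash with $($cert.Thumbprint)"

# 4. Remind about the private key ACL: the ADFS service account needs Read on the key.
$svcAccount = (Get-CimInstance Win32_Service -Filter "Name='adfssrv'").StartName
Write-Host "ADFS runs as $svcAccount; make sure it has Read on the new private key."

# 5. Bind the new certificate and restart the service.
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint
Restart-Service adfssrv

# 6. Verify: every HTTPS binding should now show the new hash, and the
#    federation metadata endpoint should answer over TLS.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
$metadata = "https://$DnsName/federationmetadata/2007-06/federationmetadata.xml"
$response = Invoke-WebRequest -Uri $metadata -UseBasicParsing
Write-Host "Metadata endpoint returned HTTP $($response.StatusCode)"
```

The chain check uses -Policy SSL so that a certificate missing the Server Authentication EKU, or one whose issuer is not trusted on the federation server, is rejected before the binding changes. If the last request fails with a TLS error, the private key ACL is the usual culprit; bind the previous thumbprint again with Set-AdfsSslCertificate and restart the service to roll back.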
