Solved

AD FS Certificate question

Posted on 2015-01-03
3
645 Views
Last Modified: 2015-01-23
I am running ADFS, I have an ADFS Proxy, and I have Office 365.

Simply put, my certificates have expired. I am not an ADFS expert, but it is left to me to resolve, so I need some assistance. The cert was automatically renewed at GoDaddy. I downloaded the cert to the primary ADFS server and updated the Service Communication Certificate in ADFS Manager, then restarted the server. I can see that a separate certificate has been added under Token Signing that relates to the new certificate I have installed; however, it is set to Secondary, and the option to set it to Primary is greyed out.

Also, the Token Decrypting cert is set to an old certificate. I have automatic certificate renewal set to true, and I believe this decrypting cert will also renew with time, but I am not sure. I do not have the ability to auto-add a cert due to this feature being enabled; that said, I am running Server 2012. Is this the case? Will the decrypting certificate be added automatically? Also, I need to set the secondary Token Signing certificate to Primary; as I stated, it is greyed out. I read something about a grace period whereby it will automatically set itself to primary in about 5 days, but this is no good for me if we have no service. Is there a way around it, bearing in mind the old certificate is now expired?
Question by:ProjNet
3 Comments
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40529724
Take a look at the step-by-step guide here on how to update your ADFS certificates. If auto cert renewal is enabled, it will do it for you.

Step-by-Step ADFS Certificates

Will.
LVL 41

Accepted Solution

by: Vasil Michev (MVP) earned 500 total points
ID: 40530014
From what you are describing, it seems like the communication cert has expired. The communication cert does not necessarily relate to the token signing/decrypting ones, and as such you shouldn't need to take any further action.

Double-check whether the token certs are indeed self-signed (as they should be with auto-renewal) and when they will expire. While the auto-renew feature will indeed issue a new cert, updating the metadata for the O365 and any other trusts still needs to be performed. You can take advantage of the little script Microsoft provides to automate this process for O365: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc

Again, this will only help for the O365 trust; if you have any other trusts, they will need to be updated once the new certificate/metadata has been published.
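As an added example (not from any post in this thread, and not Microsoft's gallery script), a PowerShell check of the points raised above: whether rollover is on, which token certs are primary, their expiry and self-signed status, followed by the Office 365 metadata update. It is run on the primary AD FS server; the domain name is a placeholder.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell session
# on the primary AD FS server. Assumes the AD FS cmdlets are loaded (Import-Module ADFS
# on 2012 R2; Add-PSSnapin Microsoft.Adfs.PowerShell on 2012) and, for the Office 365
# part, the MSOnline module. 'example.com' below is a placeholder domain.

# 1. Is automatic certificate rollover actually enabled? While it is, the
#    "Set as Primary" action in the AD FS console stays greyed out on purpose.
$props = Get-AdfsProperties
"AutoCertificateRollover: $($props.AutoCertificateRollover)"

# 2. Token-signing and token-decrypting certs: primary flag, expiry, and whether
#    each is self-signed (issuer equals subject), which is what rollover produces.
Get-AdfsCertificate |
    Where-Object { $_.CertificateType -ne 'Service-Communications' } |
    ForEach-Object {
        $c = $_.Certificate
        [pscustomobject]@{
            Type       = $_.CertificateType
            IsPrimary  = $_.IsPrimary
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            SelfSigned = ($c.Subject -eq $c.Issuer)
            Expired    = ($c.NotAfter -lt (Get-Date))
        }
    } | Format-Table -AutoSize

# 3. If the grace period cannot be waited out, force the rollover now. -Urgent
#    promotes the new self-signed cert to primary immediately, so every relying
#    party trust must be given the new metadata right afterwards (step 4).
# Update-AdfsCertificate -CertificateType Token-Signing   -Urgent
# Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent

# 4. Republish the federation metadata to Office 365; until this runs, the O365
#    trust still holds the old signing cert. Needs a Global Admin credential.
# Connect-MsolService
# Set-MsolADFSContext -Computer $env:COMPUTERNAME
# Update-MsolFederatedDomain -DomainName 'example.com'   # placeholder domain
```

Any other relying party trusts (non-O365) are not touched by step 4 and still need their metadata refreshed separately.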

Author Closing Comment

by:ProjNet
ID: 40566650
Thanks, we went through it all.
