Solved

AD FS Certificate question

Posted on 2015-01-03
Last Modified: 2015-01-23
I am running ADFS, I have an ADFS Proxy and i have Office 365.  

Simply put, my certificates have expired. I am not an ADFS expert, but it has been left to me to resolve, so I need some assistance. The cert was automatically renewed at GoDaddy. I downloaded the cert to the primary ADFS server and I have updated the Service Communication Certificate in ADFS Manager. I restarted the server. I can see that a separate certificate has been added under Token Signing that relates to the new certificate I have installed; however, it is set to Secondary and the option to set it to Primary is greyed out.

Also, the Token Decrypting cert is also set to an old certificate. I have automatic certificate renewal set to true and I believe that this decrypting cert will also renew with time, but I am not sure. I do not have the ability to auto-add a cert due to this feature being enabled; that said, I am running Server 2012. Is this the case? Will the decrypt certificate automatically be added? Also, I need to set the secondary Token Signing certificate to Primary; as I stated, it is greyed out. I read something about a grace period whereby it will automatically set itself to primary in about 5 days, but this is no good for me if we have no service. Is there a way around it, bearing in mind the old certificate is now expired?
Question by:ProjNet
3 Comments
 
Expert Comment

by: Will Szymkowski
Take a look at the step-by-step guide here on how to update your ADFS certificates. If auto cert renewal is enabled, it will do it for you.

Step-by-Step ADFS Certificates

Will.

Accepted Solution

by: Vasil Michev (MVP)
From what you are describing, it seems like the communication cert has expired. The communication cert does not necessarily relate to the token signing/decrypting ones, and as such you shouldn't need to take any further action.

Double-check whether the token certs are indeed self-signed (as they should be with auto-renewal) and when they will expire. While the auto-renew feature will indeed issue a new cert, updating the metadata for the O365 and any other trusts still needs to be performed. You can take advantage of the little script Microsoft provides to automate this process for O365: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc

Again, this will only help for the O365 trust; if you have any other trusts, they will need to be updated once the new certificate/metadata has been published.
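The checks and actions discussed in the answer above, as an added PowerShell example that is not part of the original thread or of Microsoft's script. It lists the token-signing, token-decrypting and service-communication certificates so the three roles can be told apart, forces the token-signing rollover that the MMC greys out while AutoCertificateRollover is enabled, and then republishes the federation metadata to Office 365 with the MSOnline cmdlets of that era. The federated domain name `contoso.com`, the snap-in name for AD FS 2.x on Windows Server 2012, and the presence of the MSOnline module on the AD FS server are assumptions.

```powershell
# Added example, not code from the original thread. Run in an elevated PowerShell
# on the primary AD FS server. Assumptions: AD FS 2.x on Windows Server 2012 loads its
# cmdlets from the Microsoft.Adfs.PowerShell snap-in (2012 R2 and later auto-load the
# ADFS module); the MSOnline module is installed; 'contoso.com' is a placeholder domain.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$props = Get-AdfsProperties
"AutoCertificateRollover              : $($props.AutoCertificateRollover)"
"CertificateGenerationThreshold (days): $($props.CertificateGenerationThreshold)"
"CertificatePromotionThreshold  (days): $($props.CertificatePromotionThreshold)"

# Token-signing and token-decrypting certs are generated by AD FS itself when rollover is
# on, so they should be self-signed. The GoDaddy cert only plays the
# Service-Communications role (the HTTPS endpoint) and is unrelated to the token certs.
'Token-Signing', 'Token-Decrypting', 'Service-Communications' | ForEach-Object {
    $type = $_
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        [pscustomobject]@{
            Type       = $type
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Thumbprint
            SelfSigned = ($_.Certificate.Issuer -eq $_.Certificate.Subject)
            NotAfter   = $_.Certificate.NotAfter
            Expired    = ($_.Certificate.NotAfter -lt (Get-Date))
        }
    }
} | Format-Table -AutoSize

# Promoting the secondary by hand in the MMC is blocked while auto rollover is enabled.
# Update-AdfsCertificate -Urgent promotes the current secondary to primary immediately
# (and generates a fresh secondary) instead of waiting CertificatePromotionThreshold days.
# Without -Urgent it only creates a new secondary. In manual mode (rollover disabled),
# Set-AdfsCertificate -IsPrimary does the promotion instead.
$answer = Read-Host 'Roll the token-signing and token-decrypting certificates now? (y/N)'
if ($answer -eq 'y') {
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        if ($props.AutoCertificateRollover) {
            Update-AdfsCertificate -CertificateType $type -Urgent
        } else {
            $secondary = Get-AdfsCertificate -CertificateType $type | Where-Object { -not $_.IsPrimary }
            if ($secondary) {
                Set-AdfsCertificate -CertificateType $type -Thumbprint $secondary.Thumbprint -IsPrimary
            }
        }
    }
}

# Azure AD still trusts the old signing cert until the metadata is republished.
# Update-MsolFederatedDomain reads the metadata from this AD FS server and pushes it
# to the tenant; this is the step Microsoft's gallery script automates.
Import-Module MSOnline
Connect-MsolService                       # prompts for a Global Admin credential
Set-MsolAdfscontext -Computer $env:COMPUTERNAME
Update-MsolFederatedDomain -DomainName 'contoso.com'   # add -SupportMultipleDomain if more than one federated domain

# Verify: both rows (AD FS Server and Microsoft Office 365) must show the same
# token-signing certificate; a mismatch means O365 logins will fail with a signature error.
Get-MsolFederationProperty -DomainName 'contoso.com' |
    Format-List Source, FederationServiceIdentifier, TokenSigningCertificate
```

Two caveats a practitioner will want: `-Urgent` retires the old primary at once, so every other relying party (not just Office 365) that has not yet fetched the new federation metadata will reject tokens until its trust is updated, exactly the point made in the answer; and the AD FS proxy needs no token-certificate work, only the new service-communication certificate if the proxy terminates TLS with it.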
 

Author Closing Comment

by: ProjNet
Thanks, we went through it all.
