I have to replace the ADFS certificate on the server. How can I determine all the servers involved in ADFS.
I plan to use the following method:-
1. Import the new certificate into the server certificate store.
2. From the ADFS management console set services communications certificate and select the new certificate. Do the same for token signing. Restart ADFS service.
3. Run following command with the thumbprint of new cert:
Set-AdfsSslCertificate –Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
4. On the ADFS WAP server run following commands for the new cert thumbprint:-
Set-WebApplicationProxySslCertificate –Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Set-WebApplicationProxyApplication –ExternalCertificateThumbprint xxxxxxxxxxxxxxxxxxxxxxxxxx
Do we need to do something from the vendor side who use ADFS for sso?
And any other step to think of?
And if ADFS is used for Office 365 then are there more steps to follow?
Microsoft OfficeMicrosoft 365* Active Directory Federation Services (ADFS)