It is fine.
Note that if you want to be supported with F5 as a WAP replacement, make sure you use the version 13.1.0 or higher (see: https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-ve-13-1-0.html)
Update certificate for ADFS 3.0
LMS 156 Reputation points
Hi
The current wildcard certificate used with ADFS (Windows 2016, FBL 3.0) is about to expire in 2 weeks. We are not using any WAP; we are using F5 as the reverse proxy. Shall we follow the steps below to update the certificate?
- Import the new wildcard certificate to ADFS server and provide read permission to ADFS service account
- From ADFS console, with the new certificate select "Set Service Communications Certificate"
- Set the new certificate: Set-AdfsSslCertificate -Thumbprint "thumbprintofthenewsslcert" and restart the ADFS service
- Update the certificate with F5
Here we have one concern. The existing certificate subject contains the published domain name as *.domain.com, while the new certificate subject contains another domain name, *.seconddomain.com, with the SAN containing the published domain name as *.domain.com. Will this cause any issue with ADFS publishing?
Thanks in advance
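A pre-check for the situation described in the question, added here as an example and not part of the original post or the answer: it tests whether a certificate's DNS names cover the federation service name before the certificate is set as the service communications and SSL certificate. The function name `Test-SanCoversHost`, the host name `sts.domain.com` and the thumbprint placeholder are assumptions for illustration.

```powershell
# Added example: does a certificate's list of DNS names cover a given host name?
function Test-SanCoversHost {
    param(
        [Parameter(Mandatory)][string[]]$DnsNames,   # DNS names from the certificate
        [Parameter(Mandatory)][string]$HostName      # name clients connect to
    )
    foreach ($name in $DnsNames) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label.
            $suffix   = $name.Substring(1)           # "*.domain.com" -> ".domain.com"
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -ieq $suffix) {
                return $true
            }
        }
    }
    return $false
}

# Constructed sample mirroring the question: subject *.seconddomain.com,
# SAN also lists *.domain.com. 'sts.domain.com' is a hypothetical service name.
$sampleNames = '*.seconddomain.com', '*.domain.com'
foreach ($h in 'sts.domain.com', 'a.sts.domain.com', 'domain.com') {
    '{0,-18} covered: {1}' -f $h, (Test-SanCoversHost -DnsNames $sampleNames -HostName $h)
}

# On the AD FS server: run the same check against the imported certificate.
# Replace the placeholder with the new certificate's thumbprint.
$thumbprint = '<thumbprint-of-new-cert>'
$cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction SilentlyContinue
if ($cert) {
    $fsName = (Get-AdfsProperties).HostName          # federation service name
    [pscustomobject]@{
        FederationService = $fsName
        NamesCoverService = Test-SanCoversHost -DnsNames $cert.DnsNameList.Unicode -HostName $fsName
        HasPrivateKey     = $cert.HasPrivateKey      # required for an SSL binding
        NotAfter          = $cert.NotAfter
    }
}
```

With the constructed names, only `sts.domain.com` is reported as covered; a deeper subdomain or the bare `domain.com` is not matched by `*.domain.com`.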
1 answer
Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
2020-10-27T11:09:24.637+00:00