
Installing an Existing Certificate in AD FS

Primary AD FS Server

  • First, follow the Windows instructions in "Install an Existing SSL Certificate on a Windows Server".
  • Open mmc and add the AD FS snap-in.
  • Console Root –> AD FS –> Service –> Certificates
  • Set Service Communications Certificate –> Select the new certificate
  • Select the new certificate under Service communications –> Right-click and select View Certificate –> Details tab
  • Locate the Thumbprint field, copy the value, and paste it into a text editor. Remove all spaces from the thumbprint.
  • Open PowerShell and run the following commands, inserting the thumbprint where noted.
 Get-AdfsSslCertificate
  • Note the CertificateHash.
 Set-AdfsSslCertificate -Thumbprint "thumbprint_here"
  • The CertificateHash should have changed.
  • Restart the server or the AD FS service.
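
A read-only check for the primary AD FS server, to run before and again after Set-AdfsSslCertificate. It is an added example, not part of the original instructions; the script parameter $RawThumbprint is an assumed name, and its default is the same placeholder used in the steps above.

```powershell
# Added example: read-only pre/post check for the thumbprint used in the steps above.
# $RawThumbprint is a hypothetical parameter; pass the value copied from the Details tab.
param(
    [string]$RawThumbprint = 'thumbprint_here'
)

# Keep only hex digits: this drops spaces and any invisible characters that
# the certificate dialog can prepend to the copied value.
$Thumbprint = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($Thumbprint.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($Thumbprint.Length) characters."
}

# The certificate must be in the local machine Personal store with its private key.
$Cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $Cert) {
    throw "No certificate with thumbprint $Thumbprint in Cert:\LocalMachine\My."
}
if (-not $Cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this server."
}

# Refuse a certificate that is not yet valid or already expired.
$Now = Get-Date
if ($Now -lt $Cert.NotBefore -or $Now -gt $Cert.NotAfter) {
    throw "Certificate $Thumbprint is outside its validity period ($($Cert.NotBefore) to $($Cert.NotAfter))."
}

# List every AD FS SSL binding and whether it already uses this certificate.
# Before Set-AdfsSslCertificate this records the old CertificateHash;
# afterwards every binding should show MatchesNewCert = True.
Get-AdfsSslCertificate | ForEach-Object {
    [pscustomobject]@{
        HostName        = $_.HostName
        PortNumber      = $_.PortNumber
        CertificateHash = $_.CertificateHash
        MatchesNewCert  = ($_.CertificateHash -eq $Thumbprint)
    }
}
```

If the placeholder is left unchanged, the length check fails and nothing else runs.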

Secondary AD FS Server (WAP Server)

Get-WebApplicationProxyApplication
  • Note the value of the Name field (WebAppName)
Set-WebApplicationProxySslCertificate -Thumbprint "thumbprint_here"
Get-WebApplicationProxyApplication -Name "WebAppName" | Set-WebApplicationProxyApplication -ExternalCertificateThumbprint "thumbprint_here"
  • Restart the server or the AD FS service.