You have set up ADFS 3.0 with a Web Application Proxy and now need to change the SSL certificate for a published web application.

But because IIS does not need to be installed, you cannot do this via the IIS management console. You also found no option in the Remote Access Management console. So how can you change the certificate?

The solution is to use PowerShell.

1.) First, import the certificate (with public key) via MMC.

2.) Once done, you need the thumbprint. You can get it via MMC or, more easily, via:

dir Cert:\LocalMachine\My

3.) Once you have the certificate thumbprint, look up the ID of the web application you wish to change:

Get-WebApplicationProxyApplication | fl

4.) After that, use the ID and the certificate thumbprint to change the configured SSL certificate:

Get-WebApplicationProxyApplication -ID 4413ab09-388d-09f9-848b-ee45db528f95 | Set-WebApplicationProxyApplication -ExternalCertificateThumbprint D04760EA713A37B49FE03D03ED4339B5962D0337

5.) Now validate the change via:

Get-WebApplicationProxyApplication | fl

or

netsh http show sslcert

You can also use external services such as https://www.sslshopper.com/ssl-checker.html or https://www.ssllabs.com/ssltest/analyze.html.
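Steps 2 to 5 combined into one script with pre-flight checks on the certificate, as an added example that is not part of the original post. The parameter names, the selection of the application by name, and the checks for a private key, validity period and host name coverage are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on the WAP server.
param(
    [Parameter(Mandatory)] [string] $AppName,     # assumption: the published app is selected by name
    [Parameter(Mandatory)] [string] $Thumbprint   # thumbprint of the newly imported certificate
)
$ErrorActionPreference = 'Stop'

# Thumbprints copied from the MMC dialog often carry spaces or an invisible
# leading character; keep the hex digits only.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) { throw "Not a 40-character SHA-1 thumbprint: '$Thumbprint'" }

# Fails here if the certificate was not imported into LocalMachine\My.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$thumb"

# A server certificate is only usable for TLS if its private key is present.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key in LocalMachine\My.' }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) - $($cert.NotAfter))."
}

$apps = @(Get-WebApplicationProxyApplication -Name $AppName)
if ($apps.Count -ne 1) { throw "Expected exactly one application named '$AppName', found $($apps.Count)." }
$app = $apps[0]

# Warn if no DNS name on the certificate covers the external host name.
# -like is a loose wildcard match: '*.example.com' also matches deeper labels.
$extHost = ([uri]$app.ExternalUrl).Host
$covered = $cert.DnsNameList | Where-Object { $extHost -like $_.Unicode }
if (-not $covered) { Write-Warning "No DNS name on the certificate matches $extHost." }

$old = $app.ExternalCertificateThumbprint
Set-WebApplicationProxyApplication -ID $app.ID -ExternalCertificateThumbprint $thumb

# Read the application back and confirm the new thumbprint is in place.
$after = Get-WebApplicationProxyApplication -ID $app.ID
if ($after.ExternalCertificateThumbprint -ne $thumb) { throw 'Thumbprint was not updated.' }
'{0}: {1} -> {2}' -f $after.Name, $old, $after.ExternalCertificateThumbprint
```

The last line prints the old and new thumbprint, so the previous value is on record if the change has to be reverted.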

 
