question

AamirMasthan-9388 avatar image
0 Votes"
AamirMasthan-9388 asked ·

ADFS SSL renewal issue

Hello All,

we got new SSL certificate to udpate ADFS WAP and ADFS server
imported the SSL certificate local store and provided the service accout full control
select set service communication as primary -done
ADFS management shows new service communication certificate
when i run Set-AdfsSslCertificate >thumbprint of new certificate> shows error - not found in local store
Get-AdfsSslCertificate - is also blank
restarted the ADFS services as well - no luck
ran Netsh http add sslcert hostnameport=adfs.XXXXXX.nl:443 certhash=<thumbprint of new certificate> appid={5d89a20c-beab-4389-9447-324788eb944a} certstore=my
error The system cannot find the file specified.
Please advise

adfs
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

sagus avatar image
0 Votes"
sagus answered ·

Are you sure that you have added this certificate with private key? If you open certlm.msc on server do you see certificate in local store? If you open certificate properties, is certificate chain looks correct?

Regards
Konrad

· 2 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AamirMasthan-9388 avatar image AamirMasthan-9388 ·

hello

anwser to your questions

1) Not sure
2) Yes certificate is available at certlm.msc
3) Certification path has only this cert and below has the mess 'The issuer of the certificate could not be found'

regards
Aamir Masthan

0 Votes 0 ·
sagus avatar image sagus AamirMasthan-9388 ·

This is your answer - not all cerificates authority by default are published by Microsoft. But on Certificate Autority web page you should find link to download Root certificate and intermediate certificate (sometimes it's called certificate chain). Than you must download it and import to local certificate store (to proper one, of course).

0 Votes 0 ·