Ron-4804 asked piaudonn answered

ADFS Multiple certificates from "Microsoft PolicyKeyService Certificate Authority"

Recently I started receiving warnings that certificates on our ADFS server are about to expire.
So first I looked in the ADFS management console, Service, Certificates.
But all certificates like Service Communications, Token-decrypting and Token-signing are up-to-date.

So I started looking at the local certificate store, only to find out that the certificates are all issued by CN=Microsoft PolicyKeyService Certificate Authority.
And there are a lot of them!

When I searched the web I found out that they have something to do with the Health service. There are just a few similar cases, but none of them answers my questions; hopefully they will be answered here.

  1. Is there an option to renew them manually to get rid of the expiration warning events?

  2. Why are there so many certificates?

  3. Is it safe to remove them once they expire?

I hope somebody can help me on this issue.




No one? I have the same question.


1 Answer

piaudonn answered

AFAIK, those are certificates generated by the installation and updates of the Azure AD Connect Health agent.
It uses only the latest one and renews automatically every 6 months, I believe.
In any case, it is safe to remove the ones which have expired and even the ones which have been superseded by a more recent one (even if they haven't expired).
Hope this helps!
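
An inventory of the certificates discussed in this thread, as an added example that is not part of the answer above and not Microsoft's own tooling. It assumes the certificates sit in `Cert:\LocalMachine\My` and that a certificate is superseded when another one with the same Subject was issued later; both are assumptions to verify on the server. The removal step is a dry run (`-WhatIf`) and only touches expired certificates.

```powershell
# Assumption: the Health agent certificates are in the computer's Personal store.
$storePath = 'Cert:\LocalMachine\My'
# Issuer name as quoted in the question.
$issuerCn  = 'CN=Microsoft PolicyKeyService Certificate Authority'
$now       = Get-Date

# Collect every certificate in the store issued by that CA.
$certs = Get-ChildItem -Path $storePath |
    Where-Object { $_.Issuer -like "*$issuerCn*" }

# Assumption: certificates sharing a Subject belong to the same agent identity,
# so the most recently issued one per Subject is treated as the current one.
$report = foreach ($group in ($certs | Group-Object -Property Subject)) {
    $newest = $group.Group |
        Sort-Object -Property NotBefore -Descending |
        Select-Object -First 1

    foreach ($cert in $group.Group) {
        $status = if ($cert.NotAfter -lt $now) {
            'Expired'
        } elseif ($cert.Thumbprint -ne $newest.Thumbprint) {
            'Superseded'
        } else {
            'Current'
        }

        [pscustomobject]@{
            Status     = $status
            Subject    = $cert.Subject
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Review the inventory before changing anything.
$report | Sort-Object -Property Subject, NotAfter | Format-Table -AutoSize

# Dry run: show which expired certificates would be deleted.
# Remove -WhatIf only after reviewing the table above.
$report |
    Where-Object { $_.Status -eq 'Expired' } |
    ForEach-Object {
        Remove-Item -Path (Join-Path $storePath $_.Thumbprint) -WhatIf
    }
```

Run it from an elevated PowerShell session on the ADFS server; exporting `$report` with `Export-Csv` before any deletion keeps a record of the thumbprints that were removed.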
