Hi,
The Communication certificate on our ADFS (Server 2012 R2) has been expired for 2 years, and nothing appears to have been negatively impacted at all by it. I still want to change it. Most docs say that the IIS certificate and the Communication certificate should be the same cert. In our environment we use a DNS alias for convenience, so the binding is not our server FQDN; it's a truncated DNS name. The IIS cert is a valid wildcard for the truncated name. Example:
FQDN Domain name: <adfs-servername>.part1.part2.part3.com
Truncated alias name: adfs.part2.part3.com
Question: Should I create a self-signed subordinate cert for the communication cert using the FQDN, or can I use the same wildcard cert so they match?
Thanks
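Added example, not part of the original post: a PowerShell check to run on the AD FS server that lists the primary service communications certificate as AD FS sees it, the certificate(s) actually bound to HTTPS in HTTP.SYS (on 2012 R2 AD FS binds there directly, and an IIS binding on 443 would show up in the same view), and for each one whether it is expired and whether its SAN/CN names cover the alias. The alias `adfs.part2.part3.com`, the helper function names and the single-label wildcard matching rule are assumptions; the `netsh` parsing assumes English output labels.

```powershell
# Added example, not from the original post. Compares the AD FS service
# communications certificate with the certificate bound to HTTPS and checks
# which of them covers the alias name. Alias and helper names are assumed.
param(
    [string]$AliasName = 'adfs.part2.part3.com'   # assumed placeholder; use your alias
)

Import-Module ADFS -ErrorAction Stop

function Test-NameCoverage {
    # $true if $Name is covered by $Pattern, honouring a single leading-label
    # wildcard: *.part2.part3.com covers adfs.part2.part3.com but not
    # host.part1.part2.part3.com (assumed interpretation of wildcard rules).
    param([string]$Name, [string]$Pattern)
    if ($Pattern -ieq $Name) { return $true }
    if ($Pattern.StartsWith('*.')) {
        $suffix   = $Pattern.Substring(1)          # ".part2.part3.com"
        $firstDot = $Name.IndexOf('.')
        return ($firstDot -gt 0) -and ($Name.Substring($firstDot) -ieq $suffix)
    }
    return $false
}

function Get-CertNames {
    # SAN DNS names via PowerShell's DnsNameList type extension, else subject CN.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not $names) { $names = @($Cert.GetNameInfo('SimpleName', $false)) }
    return $names
}

function Describe-Cert {
    param([string]$Label,
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names  = Get-CertNames $Cert
    $covers = [bool]($names | Where-Object { Test-NameCoverage -Name $AliasName -Pattern $_ })
    [pscustomobject]@{
        Role        = $Label
        Thumbprint  = $Cert.Thumbprint
        Subject     = $Cert.Subject
        NotAfter    = $Cert.NotAfter
        Expired     = $Cert.NotAfter -lt (Get-Date)
        Names       = ($names -join ', ')
        CoversAlias = $covers
    }
}

# 1. Primary service communications certificate as registered in AD FS.
$svc  = Get-AdfsCertificate -CertificateType Service-Communications |
        Where-Object { $_.IsPrimary }
$rows = @(Describe-Cert 'Service-Communications' $svc.Certificate)

# 2. Certificate(s) bound to HTTPS in HTTP.SYS; thumbprints are matched back
#    to LocalMachine\My so expiry and names can be read.
$hashes = netsh http show sslcert |
          Select-String -Pattern 'Certificate Hash\s*:\s*([0-9a-fA-F]+)' |
          ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() } |
          Sort-Object -Unique
foreach ($hash in $hashes) {
    $bound = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
    if ($bound) { $rows += Describe-Cert 'SSL-Binding' $bound }
    else        { Write-Warning "Binding $hash not found in LocalMachine\My" }
}

$rows | Format-Table -AutoSize

# 3. Flag the mismatch the docs warn about: service communications cert
#    thumbprint differs from every HTTPS binding.
$bindThumbs = $rows | Where-Object { $_.Role -eq 'SSL-Binding' } |
              Select-Object -ExpandProperty Thumbprint
if ($svc.Thumbprint -notin $bindThumbs) {
    Write-Warning "Service communications cert $($svc.Thumbprint) is not bound to HTTPS."
}
```

Run it in an elevated PowerShell session on the federation server. The `CoversAlias` column shows directly whether a candidate certificate's names (wildcard or exact) cover the alias clients actually connect to, and the `Expired` column surfaces the situation described in the post where the service communications certificate has lapsed while the HTTPS binding is still valid.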