Set a Service Communications Certificate
Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Federation servers in Active Directory Federation Services (AD FS) use the service communications certificate to secure Web services traffic for Secure Sockets Layer (SSL) communication with Web clients or with federation server proxies. This is the same certificate that a federation server uses as the SSL certificate in Internet Information Services (IIS).
You can use the following procedure to change the service communications certificate with the AD FS Management snap-in.
The AD FS Management snap-in refers to server authentication certificates for federation servers as service communication certificates.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To set a service communications certificate
On the Start screen, typeAD FS Management, and then press ENTER.
In the console tree, double-click Service, and then click Certificates.
In the Actions pane, click the Set Service Communications Certificate link.
In the Select a service communications certificate dialog box, navigate to the certificate file that you want to set as the service communications certificate, select the certificate file, and then click Open.