I recently needed to update the certificate issued by our ADFS server on our dev/QA SharePoint 2010.
I found a few posts online with good pointers, but not one of them solved my issue, so I compiled a list of the actions I took to fix the certificate and make it work.
I cannot say if some steps are not needed or wrong, but this is exactly what I did on 2 environments, and it worked on both, step by step:
On ADFS server
Set-AdfsProperties -CertificateDuration 730
Update-AdfsCertificate -CertificateType Token-Signing -Urgent:$true
Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent:$true
Open ADFS management
Export both the signing and decrypting certificates to .cer files
Copy the .cer files to your SharePoint 2010 machine
Install both certificates in the trusted root by right-clicking on them -> Install Certificate. Choose the location “trusted root authority”
(I used the signing certificate in PowerShell):
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\test\adfs-signing.cer")
-- copy the id at the end of the printout, replace it in the following command:
Set-SPTrustedRootAuthority -Identity "[id]" -Certificate $cert
-- copy the name at the end of the printout, place it in the following command:
Set-SPTrustedIdentityTokenIssuer "[Name]" -ImportTrustCertificate $cert
On central admin
Go to security, manage trust
Update 2 certificates there (click on them, click edit, upload the new .cer files)
Delete "local" and recreate it in PowerShell:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
Run IISRESET – very important!
Pray, cross your fingers, tell your wife you love her and make sure no one in the world is angry at you
Open a browser and try to log in to your HTTPS site using ADFS; if you did everything right, it should work.
Like I said, it was working for me on our dev/QA environments, so I am not asking questions – if you have comments on something I should/could have done differently, feel free to leave a comment.
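The SharePoint-side PowerShell steps above, collected into one script that checks the exported file before trusting it and reads the result back afterwards. This is an added example, not the author's own commands: the thumbprint and the two object names are placeholders to fill in, and using Get-SPTrustedRootAuthority and Get-SPTrustedIdentityTokenIssuer to produce the "printout" is an assumption, since the post does not name the command it came from.

```powershell
# Added example, not the original author's script. Run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cerPath            = "c:\test\adfs-signing.cer"      # path used in the post
$expectedThumbprint = "<THUMBPRINT-SHOWN-ON-ADFS>"    # placeholder: read it off the ADFS server
$rootAuthorityName  = "<TRUSTED-ROOT-AUTHORITY-NAME>" # placeholder: entry under Manage trust
$tokenIssuerName    = "<TOKEN-ISSUER-NAME>"           # placeholder: trusted identity token issuer

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)

# 1. Refuse to trust a file that is not the certificate ADFS is actually signing with.
#    Stripping non-hex characters also removes the invisible mark the certificate
#    dialog prepends when a thumbprint is copied from it.
$expected = $expectedThumbprint -replace '[^0-9A-Fa-f]', ''
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: $cerPath has $($cert.Thumbprint)"
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 2. Show what SharePoint trusts before touching anything.
Get-SPTrustedRootAuthority |
    Select-Object Name, Id, @{n='Thumbprint'; e={$_.Certificate.Thumbprint}}, @{n='NotAfter'; e={$_.Certificate.NotAfter}} |
    Format-Table -AutoSize
Get-SPTrustedIdentityTokenIssuer |
    Select-Object Name, @{n='Thumbprint'; e={$_.SigningCertificate.Thumbprint}} |
    Format-Table -AutoSize

# 3. Update only the two named objects; fail if either name does not exist.
$root   = Get-SPTrustedRootAuthority -Identity $rootAuthorityName -ErrorAction Stop
$issuer = Get-SPTrustedIdentityTokenIssuer -Identity $tokenIssuerName -ErrorAction Stop
Set-SPTrustedRootAuthority -Identity $root -Certificate $cert
Set-SPTrustedIdentityTokenIssuer -Identity $issuer -ImportTrustCertificate $cert

# 4. Read both back and confirm they now carry the new certificate.
$rootNow   = (Get-SPTrustedRootAuthority -Identity $rootAuthorityName).Certificate.Thumbprint
$issuerNow = (Get-SPTrustedIdentityTokenIssuer -Identity $tokenIssuerName).SigningCertificate.Thumbprint
if ($rootNow -ne $cert.Thumbprint -or $issuerNow -ne $cert.Thumbprint) {
    throw "Update did not take effect: root=$rootNow issuer=$issuerNow"
}
"Both trust objects now use $($cert.Thumbprint), valid until $($cert.NotAfter)"
```

An IISRESET is still needed afterwards, as in the steps above.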