Share
Report
15Hi all, new poster looking for some support. I'm relatively new to ADFS, our last admin is unavailable at the moment, so I'm looking for some help please!
My ADFS SSL Certificate expires in 5 days. I've renewed the certificate & installed on my ADFS Server (ADFS 2.0 Windows Server 2008 R2 - yes I know, it's soon to be removed from our estate!)
Steps Taken so far;
- Installed new certificate from CA on the ADFS Server
- In ADFS 2.0 Management I've generated new Token Signing & Token Decrypting Certs & set these both as primary. I've also added the new cert for "Service Communications"
- I've then opened up IIS Manager on the ADFS Server & changed the default site binding to use the new cert, then done an IIS Reset.
At this stage, I had no access to CRM on the web. So I went over to the CRM Application server & went through the Claims Based Authentication & IFD Configuration pages, accepting the already set defaults as per this guide I found - https://tisski.com/expiring-adfs-certificates/
This then restored CRM access, great!
Only, when inspecting the certificate being used for IFD & CBA, I see it's still using the old cert that's due to expire in 5 days. Not good! So I then;
- Installed the new PFX Cert from the ADFS server on the CRM App Server. This cert now shows in MMC on the app server under Personal (along with the old one)
Now, when I try to switch over to the new certificate for CBA & IFD, I get the error "The encryption certificate 'CN=*.xxx, O=xxx, L=xxx, S=xxx, C=GB' does not exist in the local computer certificate store"
Any ideas what I'm missing here?
Thanks in advance, hopefully I've been clear in my description of what's happened so far!
All responses (
Answers (
