With ADFS 3.0 and Web Application Proxy, installing IIS is no longer required. The certificate binding for the ADFS and WAP services is done with PowerShell. In this example the same certificate is used for ADFS and all WAP applications.
The certificate must already be installed in the local machine certificate store, and its thumbprint (the hash value shown in the listing below) is used to reference it. To list all available certificates run:
dir Cert:\LocalMachine\My
example:
Thumbprint                               Subject
----------                               -------
9450B39AAAE6F203DD68AC1EA1D8D46A8C581E41 CN=certold.mydomain.com
921461C2FF106D4A50A6F3574D1CC25A7D4451B9 CN=certnew.mydomain.com
Now run the PowerShell commands to bind the new certificate:
get-WebApplicationProxyApplication DRS | set-WebApplicationProxyApplication -ExternalCertificateThumbprint 921461C2FF106D4A50A6F3574D1CC25A7D4451B9
get-WebApplicationProxyApplication Workfolders | set-WebApplicationProxyApplication -ExternalCertificateThumbprint 921461C2FF106D4A50A6F3574D1CC25A7D4451B9
Set-WebApplicationProxySslCertificate -Thumbprint 921461C2FF106D4A50A6F3574D1CC25A7D4451B9
Now restart the ADFS service:
stop-service "Active Directory Federation Services"
start-service "Active Directory Federation Services"
For verification you can run these commands and verify that the new hash is active:
get-WebApplicationProxyApplication DRS
get-WebApplicationProxyApplication Workfolders
get-WebApplicationProxySslCertificate
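The steps above, rolled into one script as an added example (not from the original post): it checks that the certificate exists in the machine store with a private key and is not about to expire, rebinds every published WAP application rather than naming each one, rebinds the proxy SSL endpoint, restarts the service and then fails loudly if any binding still reports the old hash. It assumes it is run elevated on the WAP server and that Get-WebApplicationProxyApplication and Get-WebApplicationProxySslCertificate expose the ExternalCertificateThumbprint and CertificateHash properties respectively.

```powershell
# Added example, not the original post's commands. Run elevated on the WAP server.
# $Thumbprint is the new certificate's thumbprint (pass the value from the listing).
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[0-9A-Fa-f]{40}$')]
    [string]$Thumbprint
)

$Thumbprint = $Thumbprint.ToUpper()

# 1. The certificate must be in the machine store and carry its private key,
#    otherwise the TLS binding is accepted but the listener cannot serve it.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in LocalMachine\My."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate $Thumbprint expires on $($cert.NotAfter); plan the next rollover."
}

# 2. Rebind every published application (the post binds DRS and Workfolders one at a time).
Get-WebApplicationProxyApplication | ForEach-Object {
    Set-WebApplicationProxyApplication -ID $_.ID -ExternalCertificateThumbprint $Thumbprint
}

# 3. Rebind the proxy's own SSL endpoint (the federation server proxy listener).
Set-WebApplicationProxySslCertificate -Thumbprint $Thumbprint

# 4. Restart the service so the new binding becomes active.
Restart-Service -DisplayName "Active Directory Federation Services"

# 5. Verify: every application and the SSL endpoint must now report the new hash.
$staleApps = Get-WebApplicationProxyApplication |
    Where-Object { $_.ExternalCertificateThumbprint -ne $Thumbprint }
$staleSsl = Get-WebApplicationProxySslCertificate |
    Where-Object { $_.CertificateHash -ne $Thumbprint }

if ($staleApps -or $staleSsl) {
    $staleApps | ForEach-Object { Write-Warning "Application still on old certificate: $($_.Name)" }
    $staleSsl  | ForEach-Object { Write-Warning "SSL binding still on old certificate: $($_.HostName):$($_.PortNumber)" }
    throw "Certificate rollover incomplete; old certificate is still bound."
}
Write-Output "All WAP bindings now use certificate $Thumbprint."
```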