ADFS Task, what does it do?

Hey all, once a year I have to go through the heartache of updating my ADFS cert, and I’m wondering if this is the year I try to switch this one to a LE cert.

I love the ease of use that the CTW app provides. However, I’m certainly not an ADFS expert, so I worry about “doing it wrong” and having to fight unwinding how to fix.

If it’s not proprietary, could anyone share what all the deploy to ADFS task does?

Also, anyone have any advice on a process to use CTW to push the cert to WAPs as well?

Hi, yes, we do have a built-in ADFS task for basic deployment. It’s worth noting that I’m not at all skilled with ADFS, so the script we have is based on user examples. That said, it seems to work well for basic use.

It’s certainly wise to be cautious and try it out on a test system, but if you review the code you can probably see you should be able to fix anything it does via the normal administrative UI.

You could optionally use a PowerShell scripting task and do the same thing with custom changes:


I can’t advise on Windows Web Application Proxy (which I presume is what you mean by WAP, not a mobile website from 15 years ago!) but if you can find a PowerShell script that updates the current SSL certificate for that then I could help you adapt that here.

From Set-WebApplicationProxySslCertificate (WebApplicationProxy) | Microsoft Docs it looks like you could perhaps use:

param($result)

 Set-WebApplicationProxySslCertificate -Thumbprint $result.ManagedItem.CertificateThumbprintHash

However, you may also need a task to restart the WAP service (if required).


Note that all these examples assume the certificate is already installed into the local machine certificate store under Personal/My, before running the script, which is the default case if you are running this on the same machine that Certify has renewed the certificate on.

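The WAP snippet and the certificate-store note above, combined into one deployment script as an added example (not part of the original posts and not Certify The Web's own code). It checks that the renewed certificate is in the local machine Personal/My store, has a private key and is within its validity period before binding it. The service name `appproxysvc` and the `$restartService` switch are assumptions.

```powershell
# Added example, not Certify The Web's own script.
# Intended to run as a PowerShell deployment task on the WAP server.
param($result)

$ErrorActionPreference = 'Stop'

# Thumbprint of the renewed certificate, as used in the snippet in the thread.
$thumb = $result.ManagedItem.CertificateThumbprintHash
if ([string]::IsNullOrWhiteSpace($thumb)) {
    throw "No certificate thumbprint was passed to the task."
}

# The scripts in the thread assume the certificate is already in LocalMachine\My.
# Verify that instead of letting the binding step fail halfway.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1
if (-not $cert) {
    throw "Certificate $thumb is not in Cert:\LocalMachine\My; import it on this server first."
}

# A certificate without its private key, or outside its validity window,
# would leave the proxy unable to serve TLS after the change.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key on this machine."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumb is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
}

Set-WebApplicationProxySslCertificate -Thumbprint $thumb

# Assumption: the Web Application Proxy service is named 'appproxysvc'.
# Hypothetical switch: enable only if your environment needs the restart.
$restartService = $false
if ($restartService) {
    Restart-Service -Name 'appproxysvc'
}

Write-Output "WAP SSL certificate set to $thumb (expires $($cert.NotAfter))."
```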