Thursday 21 January 2021

Replace ADFS Service Communication SSL Certificate ADFS 3.0

  1. Log onto the AD FS server and, from the Certificates MMC snap-in, import the new certificate into the server's Personal certificate store: right-click the Certificates item and select All Tasks > Import, then import your PFX bundle.
  2. Right-click the new certificate and select All Tasks > Manage Private Keys. Assign Read permission to the service account used to run the AD FS service and click OK.
  3. Launch the AD FS Management Console, expand the Service node in the left pane and click Certificates. Click the link Set Service Communications Certificate, select the new certificate and click OK, then click OK to close the message. The certificate under Service communications has now been updated.
  4. Right-click the newly imported SSL certificate and select Open. On the Details tab, find the Thumbprint of the new certificate and copy it, removing any spaces. From PowerShell run the command Set-AdfsSslCertificate -Thumbprint <ThumbprintID>
  5. Restart the AD FS service on the server.
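The five steps above as one script, added here as an example and not taken from the original post. It performs the same import, private-key permission, service communications and SSL binding changes from PowerShell, and checks that AD FS references the new thumbprint everywhere before the service is restarted. $PfxPath and $ServiceAccount are placeholders for your environment; the private-key file location assumes the key was imported into a legacy CSP container (a CNG key is stored under a different folder).

```powershell
# Added example (not from the original post): AD FS 3.0 certificate swap scripted end to end.
# Placeholders: $PfxPath (your PFX bundle) and $ServiceAccount (the account running adfssrv).
#Requires -RunAsAdministrator
$PfxPath        = 'C:\certs\adfs-new.pfx'    # placeholder
$ServiceAccount = 'CONTOSO\svc-adfs'         # placeholder
$PfxPassword    = Read-Host -AsSecureString -Prompt 'PFX password'

# Step 1: import the PFX into the machine Personal store (Certificates MMC > Personal).
$cert  = Import-PfxCertificate -FilePath $PfxPath -Password $PfxPassword `
             -CertStoreLocation 'Cert:\LocalMachine\My'
$thumb = $cert.Thumbprint -replace '\s', ''   # thumbprint with any spaces removed

# Step 2: grant the service account Read on the private key (Manage Private Keys in the MMC).
# Assumption: the key landed in a legacy CSP container, so its file lives under MachineKeys;
# a CNG key would be under $env:ProgramData\Microsoft\Crypto\Keys instead.
$rsa = $cert.PrivateKey
if (-not $rsa) { throw "Private key for $thumb is not accessible (CNG key, or no key in the PFX)" }
$keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $rsa.CspKeyContainerInfo.UniqueKeyContainerName
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Step 3: set the service communications certificate (same as the console link).
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumb

# Step 4: rebind HTTP.sys to the new certificate.
Set-AdfsSslCertificate -Thumbprint $thumb

# Check before restarting: the service communications certificate and every SSL
# binding must now report the new thumbprint.
$svcThumb = (Get-AdfsCertificate -CertificateType Service-Communications).Thumbprint
$stale    = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $thumb }
if ($svcThumb -ne $thumb -or $stale) {
    throw "AD FS still references another certificate (service: $svcThumb; stale bindings: $($stale.Count))"
}

# Step 5: restart AD FS so it picks up the new certificate.
Restart-Service -Name adfssrv
```

The check between steps 4 and 5 is the part worth keeping even if you do the rest by hand: Get-AdfsSslCertificate lists one binding per host name and port, and a single binding left on the old thumbprint is enough for some clients to keep seeing the expired certificate.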
Update the Web Application Proxy Server

  1. Log onto the WAP server and import the new certificate as per steps 1 and 2 above.
  2. Open PowerShell and run the command Set-WebApplicationProxySslCertificate -Thumbprint <ThumbprintID>
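Once both the AD FS and WAP servers have been updated, the quickest confirmation is to look at what the federation service name actually presents on port 443 from a client. The script below is an added example (not part of the original post): it opens a TLS connection with SNI, reads the presented certificate without trusting it, and compares the thumbprint and expiry against what you expect. $FarmName and $ExpectedThumbprint are placeholders; run it against the externally published name (answered by WAP) and the internal name (answered by AD FS) to confirm both.

```powershell
# Added example (not from the original post): read the certificate presented on 443 and
# compare it with the expected thumbprint. Placeholders: $FarmName, $ExpectedThumbprint.
$FarmName           = 'adfs.example.com'              # placeholder: federation service name
$ExpectedThumbprint = 'REPLACE_WITH_NEW_THUMBPRINT'   # placeholder: new thumbprint, spaces optional

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback returns $true so the handshake completes even if this
        # client does not trust the chain; we only want to observe what the server sends.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)   # sends SNI for $HostName
        # Copy the certificate out before the stream is closed.
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

$presented = Get-PresentedCertificate -HostName $FarmName
$expected  = $ExpectedThumbprint -replace '\s', ''
$ok        = ($presented.Thumbprint -eq $expected)

$verdict = if ($ok) { 'matches expected' } else { 'DOES NOT match expected' }
"{0} presents {1}, expires {2:yyyy-MM-dd}: {3}" -f $FarmName, $presented.Thumbprint, $presented.NotAfter, $verdict
if ($presented.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning 'Presented certificate expires within 30 days' }
if (-not $ok) { exit 1 }
```

Because the WAP server terminates TLS for external clients, an external name that still shows the old thumbprint after the AD FS server was updated points at the WAP step having been missed, not at AD FS.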

Thursday 14 January 2021

Replacing SSL certificates on Exchange 2013


  • Copy the PFX file to exch03.
  • Open the Exchange Management Shell as admin and run "certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx name_of_file.pfx". Importing through the GUI instead of this way may lead to a loop when logging into ECP/OWA.
  • Assign the SMTP and IIS services in ECP > Servers > Certificates, overwriting the old certificate.
  • From a command prompt as admin, run "iisreset". This will interrupt your Exchange services.
  • Delete the old certificate. If it complains that the IIS/SMTP services are still in use, run this PowerShell command to enable those services on your new certificate: "Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services 'iis,smtp'"
  • If it complains that the certificate is in use on a send connector when you try to delete the old certificate, follow these steps:

  1. From ECP, open the certificate you want to use and note the thumbprint.
  2. In Exchange PowerShell run "$cert = Get-ExchangeCertificate -Thumbprint <thumbprint>"
  3. Set a new variable and assign it the concatenated values of the Issuer and Subject values of the certificate (must also include <I> and <S> before each field):
    $TLSCert = ('<I>'+$cert.Issuer+'<S>'+$cert.Subject)
  4. Update the send connector with the new values:
    Set-SendConnector -Identity "sendconnectorname" -TLSCertificateName $TLSCert
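The whole Exchange 2013 procedure above, including the send connector fix, as one script for the Exchange Management Shell. This is an added example and not code from the original post. It imports through certutil as the post advises, moves IIS and SMTP to the new certificate, repoints every send connector that still names the old certificate, and only then removes the old one. $PfxPath and $OldThumbprint are placeholders; the comparison of send connectors assumes that a connector's TlsCertificateName renders as the same <I>issuer<S>subject string the post builds.

```powershell
# Added example (not from the original post): Exchange 2013 certificate swap with the
# "still in use" checks done before the old certificate is removed.
# Placeholders: $PfxPath (PFX copied to the server), $OldThumbprint (certificate being retired).
$PfxPath       = 'C:\certs\exch03-new.pfx'     # placeholder
$OldThumbprint = 'OLD_CERTIFICATE_THUMBPRINT'  # placeholder

# Read the new thumbprint straight from the PFX (prompts for the password).
$NewThumbprint = (Get-PfxCertificate -FilePath $PfxPath).Thumbprint

# 1. Import through certutil into the SChannel provider rather than the ECP GUI.
& certutil -csp "Microsoft RSA SChannel Cryptographic Provider" -importpfx $PfxPath
if ($LASTEXITCODE -ne 0) { throw "certutil import failed (exit code $LASTEXITCODE)" }

# 2. Move IIS and SMTP to the new certificate (the ECP "assign services" step).
Enable-ExchangeCertificate -Thumbprint $NewThumbprint -Services IIS,SMTP -Force

# 3. Build the <I>issuer<S>subject name for both certificates and repoint any send
#    connector that still names the old one. Assumption: TlsCertificateName renders
#    as that same <I>...<S>... string, so it can be compared directly.
$new     = Get-ExchangeCertificate -Thumbprint $NewThumbprint
$old     = Get-ExchangeCertificate -Thumbprint $OldThumbprint
$newName = ('<I>' + $new.Issuer + '<S>' + $new.Subject)
$oldName = ('<I>' + $old.Issuer + '<S>' + $old.Subject)
Get-SendConnector | Where-Object { "$($_.TlsCertificateName)" -eq $oldName } | ForEach-Object {
    Write-Host "Updating send connector $($_.Identity) to the new certificate"
    Set-SendConnector -Identity $_.Identity -TlsCertificateName $newName
}

# 4. Restart IIS so OWA/ECP use the new binding (this interrupts client access).
& iisreset

# 5. Confirm the new certificate really owns IIS and SMTP before touching the old one.
#    Services renders as a flags list such as "IMAP, POP, IIS, SMTP".
$svc = "$((Get-ExchangeCertificate -Thumbprint $NewThumbprint).Services)"
if ($svc -notmatch '\bIIS\b' -or $svc -notmatch '\bSMTP\b') {
    throw "New certificate is not bound to both IIS and SMTP (Services = $svc)"
}
# Remove-ExchangeCertificate still errors if anything else references the old certificate,
# which is the signal to go back to step 3; it prompts for confirmation by default.
Remove-ExchangeCertificate -Thumbprint $OldThumbprint
```

Running the send connector query on its own (the Get-SendConnector line without the ForEach-Object) is a useful pre-check before the swap: it tells you which connectors will complain when you try to delete the old certificate, so you can fix them before iisreset rather than after.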