[Solved] How to update ADFS certificate local and online Office 365

This week I had a customer who received an e-mail from Microsoft about the expiration of their certificate for single sign-on (AD FS SSO).


Problem :

The customer had already updated this certificate himself, but he still received these messages from Microsoft.

Solution :

Check the certificates in the MMC (computer certificate store) => they look fine

Check the online certificate settings => not good, this is still the old certificate

Execute these commands on the internal AD FS server in an elevated PowerShell (the values in angle brackets are placeholders for your own environment):

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri <Exchange connection URI> -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Connect-MsolService -Credential $UserCredential

Set-MsolADFSContext -Computer <AD FS server FQDN>

Update-MsolFederatedDomain -DomainName <federated domain>

Get-MsolFederationProperty -DomainName <federated domain>

Check the AD FS server => two certificates are still not changed to the new certificate

These need to be changed.

With this error you have to execute:

PS C:\Windows\system32> add-pssnapin microsoft.adfs.powershell

PS C:\Windows\system32> Set-ADFSProperties -AutoCertificateRollover $false

Change the certificate in the Actions pane:

Select the secondary certificate and select “Set as Primary”

Select the Secondary (old certificate) and click Delete

Now everything is fine


Sync to Office 365 :

Update the domain at Microsoft :

Update-MsolFederatedDomain -DomainName <federated domain>

Check at Microsoft:

Get-MsolFederationProperty -DomainName <federated domain>

Everything is fine now
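To verify the whole chain in one go (local primary token-signing certificate, its remaining lifetime, the rollover setting, and whether Office 365 still trusts the old certificate), here is an added check script; it is not part of the original post. It assumes the AD FS module (or snap-in) is loaded, Connect-MsolService and Set-MsolADFSContext have already run, and <federated-domain> is replaced with your own domain.

```powershell
# Added example, not from the original post.
# Assumes: ADFS module/snap-in loaded, Connect-MsolService and Set-MsolADFSContext done.
param(
    [string]$DomainName = "<federated-domain>",   # placeholder, replace with your domain
    [int]$WarnDays = 30                           # warn when fewer days than this remain
)

# Local view: the primary token-signing certificate on this AD FS server
$local = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$props = Get-AdfsProperties
if (-not $local) { throw "No primary token-signing certificate found on this AD FS server." }

# Cloud view: what Microsoft Office 365 currently holds for the domain.
# Assumption: Get-MsolFederationProperty returns one entry per Source,
# "ADFS Server" and "Microsoft Office 365", each with a TokenSigningCertificate.
$fed   = Get-MsolFederationProperty -DomainName $DomainName
$cloud = $fed | Where-Object { $_.Source -eq "Microsoft Office 365" }
if (-not $cloud) { throw "No Office 365 federation entry returned for $DomainName." }

$localThumb = $local.Thumbprint
$cloudThumb = $cloud.TokenSigningCertificate.Thumbprint
$daysLeft   = ($local.Certificate.NotAfter - (Get-Date)).Days

"AutoCertificateRollover  : $($props.AutoCertificateRollover)"
"Local primary thumbprint : $localThumb (expires $($local.Certificate.NotAfter), $daysLeft days left)"
"Office 365 thumbprint    : $cloudThumb"

if ($daysLeft -lt $WarnDays) {
    Write-Warning "Local token-signing certificate expires in $daysLeft days; plan the rollover now."
}

if ($localThumb -ne $cloudThumb) {
    # This is exactly the state from the post: local store updated, cloud still on the old cert.
    Write-Warning "Office 365 still trusts a different token-signing certificate than the local primary."
    Write-Warning "Run Update-MsolFederatedDomain -DomainName $DomainName on the AD FS server and re-check."
} else {
    "Office 365 federation trust matches the local primary token-signing certificate."
}
```

Run it after each step of the procedure above; the thumbprints only agree once Update-MsolFederatedDomain has pushed the new certificate to Microsoft.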