You’ll need to confirm this by going into the certificate store and looking at the details of the certificate you set as the service communication cert, to see whether the thumbprint there matches what you see with the GET command. At this point, take that hex, paste it into Notepad and remove all of the spaces. Then, when you issue the SET command, make sure to paste that value for the CORRECT certificate in as the thumbprint.
Next run:
Set-AdfsSslCertificate -Thumbprint XXXXXXXXXXXXXXXXXXXXXX
Restart the ADFS service:
Restart-Service adfssrv
The PowerShell for all of this (including installing the role/feature) is:
OPTIONAL: Using a Web Application Proxy Server
Now, if you are using a Web Application Proxy Server in front of your ADFS Server, you need to do a few things.
Each federation server uses a token-signing certificate to digitally sign all security tokens that it produces.
Because each security token is digitally signed by the account partner, the resource partner can verify that the security token was in fact issued by the account partner and that it was not modified.
The federation server uses Secure Sockets Layer (SSL) server authentication certificates to secure Web services traffic for communication with Web clients or the federation server proxy.
These certificates are requested and installed through the Internet Information Services (IIS) snap-in.
If you already have published web applications those won’t go away.
When you reinstall the WAP feature you’ll see your list of published apps show back up.
You might run into what I did, which is what was messing me up and prompted me to author this article. For some reason, for me, when I issued the Get-AdfsSslCertificate command it still showed my OLD certificate – not the new one that I had just updated with the set service communication certificate step above.
In this situation, the digital signatures verify the origin and integrity of security tokens that are issued by other federation servers in the account partner. The digital signatures are verified with verification certificates.
Basically, just walk through the wizard setup for the WAP again and then select the certificate we’ve been talking about from the list when the setup asks you. You can try the PowerShell commands here – hopefully they work for you:
Set-WebApplicationProxySslCertificate -Thumbprint thumbprint
(The thumbprint is the same as the one we used above, so you should be able to just copy and paste.)
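The thumbprint check and fix described above for the ADFS server, as one script. This is an added example, not the author's own PowerShell; the function name `Sync-AdfsSslThumbprint` is hypothetical, and it assumes an elevated session on the ADFS server with the new certificate already in the local machine Personal store.

```powershell
function Sync-AdfsSslThumbprint {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Thumbprint exactly as copied from the certificate's Details tab, spaces included
        [Parameter(Mandatory)][string]$PastedThumbprint
    )

    # Keep only hex digits: drops the spaces and any invisible character
    # that may have been copied along with the value.
    $thumb = ($PastedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($thumb.Length) characters."
    }

    # The certificate has to exist locally, with its private key, and be unexpired.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this server." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)." }

    # It should be the certificate already set as the service communication cert.
    $svc = Get-AdfsCertificate -CertificateType Service-Communications
    if ($svc.Thumbprint -notcontains $thumb) {
        Write-Warning "Service communication cert is $($svc.Thumbprint), not $thumb. Check you picked the CORRECT certificate."
    }

    # Bindings that still present a different (old) certificate.
    $stale = @(Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $thumb })
    if ($stale.Count -eq 0) {
        Write-Output "All ADFS SSL bindings already use $thumb."
        return
    }
    foreach ($b in $stale) {
        Write-Warning "$($b.HostName):$($b.PortNumber) still uses $($b.CertificateHash)"
    }

    if ($PSCmdlet.ShouldProcess('ADFS SSL bindings', "Set certificate $thumb and restart adfssrv")) {
        Set-AdfsSslCertificate -Thumbprint $thumb
        Restart-Service adfssrv
        Get-AdfsSslCertificate   # show the bindings after the change
    }
}
```

Run it with `-WhatIf` first to see which bindings are stale without changing anything.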