You have set up ADFS 3.0 with a Web Application Proxy and now need to change the SSL certificate for a published web application.
Because installing IIS is not required for this role, you cannot make the change via the IIS management console. The Remote Access Management console offers no option for it either. So how can you change the certificate?
The solution is to use PowerShell.
1.) First, import the certificate (with public key) via MMC.
2.) Once that is done you need the thumbprint. You can get it via MMC, or more easily via:
dir Cert:\LocalMachine\My | fl
or, better:
dir Cert:\LocalMachine\My | select Subject,NotBefore,Thumbprint
3.) Once you have the certificate thumbprint, look up the ID of the web application you wish to change:
Get-WebApplicationProxyApplication | fl
4.) You can then use the ID and the certificate thumbprint to change the configured SSL certificate:
Get-WebApplicationProxyApplication -ID 4413ab09-388d-09f9-848b-ee45db528f95 | Set-WebApplicationProxyApplication -ExternalCertificateThumbprint D04760EA713A37B49FE03D03ED4339B5962D0337
5.) Validate the change now via:
Get-WebApplicationProxyApplication | fl
or
netsh http show ssl
You can also use external services like https://www.sslshopper.com/ssl-checker.html or https://www.ssllabs.com/ssltest/analyze.html
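Steps 2 to 5 combined into one function with pre-checks, as an added example that is not part of the original post. The function name Set-WapAppCertificate and the application name in the usage comment are hypothetical; the checks for a private key and the validity period are additions a practitioner would want before swapping the binding.

```powershell
function Set-WapAppCertificate {
    param(
        [Parameter(Mandatory)] [string] $AppName,     # name shown by Get-WebApplicationProxyApplication
        [Parameter(Mandatory)] [string] $Thumbprint   # thumbprint of the already imported certificate
    )

    # A thumbprint copied from the MMC dialog often contains spaces and an
    # invisible leading character, so keep only the hex digits.
    $tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($tp.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($tp.Length) characters."
    }

    # Step 2: the certificate must be in the computer's Personal store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $tp has no private key in this store; the proxy cannot serve TLS with it."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $tp is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Step 3: resolve the application and refuse to guess if the name is ambiguous.
    $app = @(Get-WebApplicationProxyApplication | Where-Object Name -eq $AppName)
    if ($app.Count -ne 1) {
        throw "Expected exactly one application named '$AppName', found $($app.Count)."
    }
    $old = $app[0].ExternalCertificateThumbprint

    # Step 4: swap the external certificate.
    Set-WebApplicationProxyApplication -ID $app[0].ID -ExternalCertificateThumbprint $tp

    # Step 5: read the setting back and confirm it took effect.
    $after = Get-WebApplicationProxyApplication | Where-Object ID -eq $app[0].ID
    if ($after.ExternalCertificateThumbprint -ne $tp) {
        throw "Thumbprint on '$AppName' is still $($after.ExternalCertificateThumbprint)."
    }
    [pscustomobject]@{
        Name          = $after.Name
        ExternalUrl   = $after.ExternalUrl
        OldThumbprint = $old            # keep this value for rollback
        NewThumbprint = $tp
        NotAfter      = $cert.NotAfter
    }
}

# Usage (hypothetical application name, placeholder thumbprint):
# Set-WapAppCertificate -AppName 'Intranet Portal' -Thumbprint '<thumbprint from step 2>'
```

Run it in an elevated PowerShell session on the Web Application Proxy server; the returned OldThumbprint lets you switch back with the same function if clients report problems.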