Updating certificates

You may use a Single-name, subject alternative name (SAN), or wildcard cert for this purpose as long as it's valid and trusted by internal and external AD FS clients.

You can find more information about the certificate requirements here.

If you did not change this value from “True” to “False”, no renewal operation regarding token certificates is needed, this will happen automatically based on triggers explained below.

Default values of ADFS - [see details below for default values]: The Rollover interval is checked by the AD FS service every 720 minutes (12 hours).

Azure AD Connect doesn't modify the configuration on AD FS to reflect the change.Active Directory Federation Services (AD FS) 3.0 is a server role included in Windows Server 2012 R2.Active Directory Federation Services (AD FS) 4.0 is a server role included in Windows Server 2016.In this situation, the digital signatures verify the origin and integrity of security tokens that are issued by other federation servers in the account partner.The digital signatures are verified with verification certificates.

Leave a Reply