Monsieur Winner


Rotate ADFS certificate on D365FO on-premises

While planning for a D365FO on-premises deployment, authentication is key, as it enables users to communicate across Microsoft products. One of these authentication methods is Active Directory Federation Services (AD FS).

AD FS is the authentication method used in an on-premises deployment. AD FS provides access control and single sign-on across a wide variety of applications including Microsoft 365, cloud-based SaaS applications, and applications on the corporate network.

When the ADFS certificate expires, we can generate a new one that will last for a year.

 

New-SelfSignedCertificate -CertStoreLocation "cert:\LocalMachine\My" -DnsName "adfs.contoso.com" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -Subject "adfs.contoso.com"

Get the certificate thumbprint and run the following to set the certificate.

Set-ADFSSslCertificate -Thumbprint 'XXXX27ABA9C9FF4B669E708C105CFDXXXXX'

Make sure you also install your AD FS SSL certificate in the Trusted Root Certification Authorities store (Local Machine) on the AOS machine(s).

 

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I faced the above error which took over 24 hours just because the ADFS certificate was not set.
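To check the rotation from an AOS machine, the following added example (not part of the original post) fetches the certificate the AD FS endpoint actually serves, compares it with the thumbprint you set, and confirms it is present in the Local Machine Trusted Root store. The function name Test-AdfsSslTrust and the thumbprint value are placeholders; adfs.contoso.com is the host name used above.

```powershell
# Added example: run on an AOS machine after rotating the AD FS SSL certificate.
# Test-AdfsSslTrust is a hypothetical helper name, not a built-in cmdlet.
function Test-AdfsSslTrust {
    param(
        [Parameter(Mandatory)] [string] $AdfsHost,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint,
        [int] $Port = 443
    )
    # Normalise the thumbprint (strip spaces and hidden characters from copy/paste).
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Read the certificate the endpoint presents. The callback accepts any
    # certificate so an untrusted one can still be inspected; no data is sent.
    $tcp = New-Object System.Net.Sockets.TcpClient($AdfsHost, $Port)
    try {
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($AdfsHost)
        $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Dispose()
    }

    # A self-signed certificate is trusted only if this machine has it in
    # LocalMachine\Root; otherwise clients fail with the trust relationship error.
    $inRoot = Test-Path "Cert:\LocalMachine\Root\$($served.Thumbprint)"

    [pscustomobject]@{
        ServedThumbprint   = $served.Thumbprint
        MatchesExpected    = ($served.Thumbprint -eq $expected)
        SelfSigned         = ($served.Subject -eq $served.Issuer)
        NotAfter           = $served.NotAfter
        DaysRemaining      = [int]($served.NotAfter - (Get-Date)).TotalDays
        InLocalMachineRoot = $inRoot
    }
}

# Placeholder thumbprint: substitute the one passed to Set-ADFSSslCertificate.
Test-AdfsSslTrust -AdfsHost 'adfs.contoso.com' -ExpectedThumbprint '<new-certificate-thumbprint>'
```

If MatchesExpected is False, the endpoint is still serving the old certificate; if InLocalMachineRoot is False, the certificate has not been installed in the Trusted Root store on this AOS machine.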

 

admin

Komi Siabi is a bilingual D365FO Solution Architect who loves sharing his knowledge as he works on both Francophone and Anglophone projects around the globe. He enjoys making TikTok videos in his leisure time.
