The following event log on the ADFS server indicates the SSL certificate has expired:
```
Log Name:      AD FS/Admin
Source:        AD FS
Date:          4/23/2018 11:35:49 AM
Event ID:      381
Task Category: None
Level:         Error
Keywords:      AD FS
Description:
An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '365CB832EA38FB61E74C57AF6E875233507DD25E'. Possible causes are that the certificate has been revoked or certificate is not within its validity period.
The following errors occurred while building the certificate chain:
MSIS2013: A required certificate is not within its validity period when verifying against the current system clock.
User Action:
Ensure that the certificate is valid and has not been revoked or expired
```
ADFS Management Console shows the certificates:
Running the following command shows the certificate settings for ADFS:

```powershell
Get-AdfsProperties | FL AutoCert*, Certificate*

AutoCertificateRollover        : False
CertificateCriticalThreshold   : 2
CertificateDuration            : 365
CertificateGenerationThreshold : 20
CertificatePromotionThreshold  : 5
CertificateRolloverInterval    : 720
CertificateSharingContainer    :
CertificateThresholdMultiplier : 1440
```
I changed the settings to auto rollover and set a certificate duration of 3 years.

```powershell
Set-AdfsProperties -CertificateDuration 1095 -AutoCertificateRollover $True
```
Looking at the ADFS certificates now shows that the decrypting certificate has been updated.

Without restarting any services, the issue has been resolved.
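The fix above only works because ADFS can regenerate its self-signed token certificates on its own; the better outcome is to see the expiry coming before event 381 is logged. The following script is an added example, not code from the original post: it runs on the ADFS server with the ADFS module, prints the rollover settings, and lists every ADFS certificate with the number of days left until it expires. The `$WarnDays` threshold is an assumed value chosen for this example.

```powershell
# Added example (not from the original post): report ADFS certificate expiry and
# rollover settings so an expiring token-decrypting/signing certificate is caught
# before the chain-build error (event 381) appears.
# Requires the ADFS PowerShell module on an ADFS server.
Import-Module ADFS

$WarnDays = 30   # assumed warning window for this example, not a value from the post
$props = Get-AdfsProperties

Write-Host "AutoCertificateRollover        : $($props.AutoCertificateRollover)"
Write-Host "CertificateDuration (days)     : $($props.CertificateDuration)"
Write-Host "CertificateGenerationThreshold : $($props.CertificateGenerationThreshold) days before expiry"

if (-not $props.AutoCertificateRollover) {
    Write-Warning "AutoCertificateRollover is disabled; self-signed token certificates will expire without replacement."
}

# Get-AdfsCertificate returns one object per certificate (service communications,
# token-decrypting, token-signing), each carrying the X509Certificate2 in .Certificate.
$now = Get-Date
Get-AdfsCertificate | ForEach-Object {
    $cert     = $_.Certificate
    $daysLeft = [int]($cert.NotAfter - $now).TotalDays
    $state    = if ($daysLeft -lt 0)          { 'EXPIRED' }
                elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
                else                           { 'OK' }
    [pscustomobject]@{
        Type       = $_.CertificateType
        IsPrimary  = $_.IsPrimary
        Thumbprint = $_.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        State      = $state
    }
} | Sort-Object DaysLeft | Format-Table -AutoSize
```

Two caveats when reading the output. `AutoCertificateRollover` only manages the self-signed token-signing and token-decrypting certificates; the service communications (SSL) certificate has to be renewed and reassigned by hand. And after any rollover of the token-signing or token-decrypting certificate, relying parties that do not consume the federation metadata still hold the old public key and must be updated, otherwise sign-ins to those applications fail even though ADFS itself is healthy.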