Update-ADFSCertificate

Update-ADFSCertificate

Updates the certificates of the Federation Service.

Syntax

Parameter Set: Default
Update-ADFSCertificate [[-CertificateType] <String> ] [-PassThru] [-Urgent] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Update-ADFSCertificate cmdlet creates new certificates for the Federation Service. When automatic certificate rollover is enabled and Active Directory Federation Services (AD FS) 2.0 is managing the certificates that are used for signing, this update cmdlet can be used to initiate a rollover.

Parameters

-CertificateType<String>

Indicates the type of certificate to rollover. Valid types include Token-Encryption and Token-Signing.

-PassThru

-Urgent

Specifies that the certificate rollover should happen immediately. An urgent rollover removes older certificates immediately. It might result in a service outage as trusts update to use the new certificates.

-Confirm

Prompts you for confirmation before running the cmdlet.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

• None

Outputs

The output type is the type of the objects that the cmdlet emits.

• None

Notes

• The Urgent parameter option is useful for emergency rollover situations in which a key might be compromised.

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Updates the token-signing certificate.

C:\PS>Update-ADFSCertificate -CertificateType Token-Signing

Related topics

Add-ADFSCertificate

Remove-ADFSCertificate