Updating certificates

This notification does not apply to SSL Certificate, also known as Service Communications Certificate.

The number of days represents the day where the service will stop. How to calculate the effective day: The new Certificate will be generated 20 days before the certificate expirations date: 1) Go to Powershell 2) Connect-Msol Service 3) Get-Msol Federation Property 4) Check [Certificate Generation Threshold: 20] The new certificate will be promoted to Primary after 5 days: 1) Go to Powershell 2) Connect-Msol Service 3) Get-Msol Federation Property 4) Check [Certificate Promotion Threshold: 5] Knowing that AD FS Service only uses the primary certificate, as we will switch the certificates 15 days before the current primary certificates expires the service will stop 15 days before the current certificate expiration.

You can modify the list of servers that are displayed by adding or removing the servers to reflect the current configuration of the AD FS farm.

As soon as the server information is provided, Azure AD Connect displays the connectivity and current SSL certificate status.

By default, Token-Signing and Token-Decrypting Certificates will expire one year after your ADFS was setup.

Near to the expiration period you will get the following notification on your Portal Admin Page.

If the existing primary certificate (Token Signing or Token Decryption) expiration time is within the window of the Certificate Generation Threshold value (20 days), then a new certificate is generated and configured as the secondary certificate.

The Office 365 portal will warn you when these certs are about to expire and that user access to all Office 365 services will fail.Normally the SSL certificate for the AD FS farm comes from a trusted third-party CA, like Digi Cert or Verisign.This is a traditional SSL cert like you would use in IIS for any secure web server.Certificate Duration: 365 - Validity period of the auto-generated Certificate.Certificate Generation Threshold: 20 - Days before expiration of current primary a new certificate will be generated.

