Add-Adfs Certificate

Adds a new certificate to AD FS for signing, decrypting, or securing communications.

Syntax

Add-AdfsCertificate
   -CertificateType <String>
   -Thumbprint <String>
   [-IsPrimary]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-AdfsCertificate cmdlet adds a new certificate to Active Directory Federation Services (AD FS) for token signing, token decrypting, card signing, or securing communications.

Examples

Example 1: Add a token-signing certificate

PS C:\> Add-AdfsCertificate -CertificateType "Token-Signing" -Thumbprint ‎"fedd995b45e633d4ef30fcbc8f3a48b627e9a28b"

This command adds a token-signing certificate with the thumbprint fedd995b45e633d4ef30fcbc8f3a48b627e9a28b.

Required Parameters

-CertificateType

Specifies the type and purpose of the certificate. The acceptable values for this parameter are:

  • Service-Communications
  • Token-Encryption
  • Token-Signing
Type: String
Parameter Sets: Token-Decrypting, Token-Signing
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Thumbprint

Specifies the thumbprint of the certificate to use.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-IsPrimary

Indicates that the certificate is primary or not. Primary token-signing certificates are used to digitally sign outgoing claims. Primary token-encrypting certificates are published in federation metadata for use by trusted claims providers. Service communications certificates are always primary certificates.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

None

Outputs

None

Notes

  • Active Directory Federation Services (AD FS) 2.0 uses certificates for issuing and receiving tokens, publishing federation metadata and communicating through Secure Sockets Layer (SSL).