Without IIS it is not as straight forward as one would like, but it is still pretty simple with this walk through.
- Launch "MMC" and add the Certificates Snap-in specifying "Local Computer".
- Open the "Personal > Certificates" and right click your existing certificate, choose "Delete from the options.
- Right click any open space where your old certificate was and choose "Import".
- Navigate to your new certificate, specify the certificate password and continue through the prompts.
- Once you see the new certificate in the MMC, double click it and choose the "Details" tab. Scroll down to "Thumb Print" and click it one time. You will see a series of letters and numbers in the bottom window. Copy those numbers and paste them into a blank Notepad document. Move Notepad aside but do not close it.
- Close the Certificates MMC.
- Open AD FS Management and navigate to AD FS > Service > Certificates.
- On the right side, click "Set Service Communications Certificate" and chose your new certificate.
- Close AD FS Management.
- Back to NotePad, Delete all the spaces from your pasted text.
- Copy the thumb print (CTRL+C).
- Launch PowerShell as Administrator.
- In Powershell, type: Set-AdfsSslCertificate
- When prompted for the Thumb Print, press CTRL+V to paste your certificate thumb print into PowerShell and press enter.
- Close PowerShell.
- Open Services and restart the ADFS Service.
- Launch your ADFS portal and confirm your new certificate is being used.
Thanks for reading, I hope this helped!
John "Mike" Wright