
I can't find an answer to this, so I'm hoping you good people will know. I'm about to install ADFS into Production, including a Web Application Proxy in the DMZ. When WAP is joined to a farm or a single ADFS server, it generates a self-signed certificate, and this is copied into the AdfsTrustedDevices certificate store on the ADFS server. In the test environment, I've noticed that the certificate only has a lifespan of 5 days, so I'm assuming that the WAP server will generate a new certificate when the old one expires and send it to the ADFS server.

Does anyone know if this is correct?

Z.T.
Paul G

1 Answer


Initial certs used during role configuration have a short lifetime. But regular certs generated by each WAP henceforth will last 20 days by default. They are renewed automatically.

If the trust between the WAP and the AD FS breaks after a long duration of being offline (and thus the cert expiring), simply re-run the WAP configuration via PowerShell, or re-enable the GUI and launch the wizard by toggling the registry value as shown in https://blogs.technet.microsoft.com/rmilne/2015/04/20/adfs-2012-r2-web-application-proxy-re-establish-proxy-trust/

maweeras