
ADFS SSL Certificate: What is the purpose of the secondary certificate?

In the ADFS, you have a primary and secondary certificate. In the link https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/certificate-requirements-for-federation-servers , they mentioned that you can have multiple token-signing certificates configured, but only the primary token-signing certificate is used by the ADFS to actually sign tokens.

Is the only purpose of the secondary certificate to allow auto cert rollover, to avoid manual intervention after the current certificate expires at the ADFS end?

Correct, during the rollover period the secondary certificate is available to give the RP etc. time to update.

The secondary is then promoted to primary and the original primary is deleted.
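The following PowerShell is an added example, not part of the original question or answer, showing how to verify the state the answer describes on a federation server: whether auto rollover is enabled, which token-signing certificate is primary, and whether a secondary is already published so relying parties have time to pick up the new key from federation metadata. It uses the built-in Get-AdfsProperties and Get-AdfsCertificate cmdlets; the 30-day warning threshold is an assumed value chosen for illustration.

```powershell
# Added example (not from the original post): inspect ADFS token-signing
# certificates and the auto-rollover settings discussed above.
# Run on a federation server with the ADFS PowerShell module loaded.

$props = Get-AdfsProperties
"AutoCertificateRollover        : $($props.AutoCertificateRollover)"
"CertificateDuration            : $($props.CertificateDuration) days"
"CertificateGenerationThreshold : $($props.CertificateGenerationThreshold) days"
"CertificatePromotionThreshold  : $($props.CertificatePromotionThreshold) days"

# List token-signing certificates. IsPrimary marks the one that actually signs tokens today;
# any others are the secondary certificates published in federation metadata for rollover.
Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object IsPrimary, Thumbprint,
        @{ n = 'NotBefore'; e = { $_.Certificate.NotBefore } },
        @{ n = 'NotAfter';  e = { $_.Certificate.NotAfter } },
        @{ n = 'DaysLeft';  e = { [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays } } |
    Sort-Object IsPrimary -Descending |
    Format-Table -AutoSize

# Check a practitioner cares about: a primary close to expiry with no secondary yet
# leaves relying parties no window to trust the new key before the old one stops signing.
$signing   = @(Get-AdfsCertificate -CertificateType Token-Signing)
$primary   = $signing | Where-Object { $_.IsPrimary }
$secondary = $signing | Where-Object { -not $_.IsPrimary }
$warnDays  = 30   # assumed threshold for this example

if ($primary -and $primary.Certificate.NotAfter -lt (Get-Date).AddDays($warnDays) -and -not $secondary) {
    Write-Warning "Primary token-signing certificate expires within $warnDays days and no secondary is published yet."
}
elseif ($secondary) {
    "Secondary token-signing certificate present; relying parties can pre-trust it before promotion."
}
```

With AutoCertificateRollover enabled, ADFS generates the secondary itself ahead of expiry and later promotes it, which is the behaviour the answer describes; if rollover is disabled, the same output tells you whether a secondary has been added manually before the primary runs out.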
