Layer7 Access Management

Tech Tip: CA Single Sign-On : How to manually update the expiring signing certificate for Office 365 federation.


    Posted 09-27-2016 09:48 PM

    Updating the certificate in the AdminUI is straightforward because it is GUI-based.

    Navigate to the expiring certificate, click the "Action" button and select "Update Certificate" from the dropdown list.

    The missing part is how to update the certificate on the Azure side.

    1. Run the Windows Azure Active Directory Module.
    2. Run "Connect-MsolService" and enter your O365 admin credentials.
    3. Run "Get-MsolDomainFederationSettings -DomainName <yourdomain>".
    4. Get the renewed certificate (in base64 format) and remove all headers, footers and carriage returns so that it becomes a single-line base64 string.
       You MUST have a single line of MIIGXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==.
    5. In PowerShell, run the following:
       $cert = "<certificate base64 string>"
       Set-MsolDomainFederationSettings -DomainName <domainname> -SigningCertificate "$cert"
    6. Run "Get-MsolDomainFederationSettings -DomainName <domainname>" to verify that the certificate was updated successfully.

    More details at the following link.

    How to manually update the expired signing certificate for O365 federation partnership
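
The Azure-side steps above as one PowerShell script, added here as an example and not part of the original post: it builds the single-line base64 string from a PEM file, confirms that it parses as an unexpired certificate before submitting it, and compares thumbprints afterwards. The file path and the two helper function names are assumptions.

```powershell
# Added example. $pemPath and the helper names are hypothetical; replace the placeholders.
$pemPath = 'C:\temp\renewed-signing-cert.pem'   # assumed location of the renewed certificate (base64/PEM)
$domain  = '<domainname>'

function ConvertTo-SingleLineBase64 {
    param([Parameter(Mandatory)][string]$PemText)
    # Drop the BEGIN/END lines, then every whitespace character (CR, LF, spaces, tabs).
    $body = $PemText -replace '-----(BEGIN|END) CERTIFICATE-----', ''
    return ($body -replace '\s', '')
}

function Test-SigningCertString {
    param([Parameter(Mandatory)][string]$Base64)
    # Throws if the string is not valid base64 or does not parse as an X.509 certificate.
    $bytes = [Convert]::FromBase64String($Base64)
    $x509  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    if ($x509.NotAfter -le (Get-Date)) {
        throw "Certificate expired on $($x509.NotAfter)"
    }
    return $x509
}

# Build and check the string locally before touching the federation settings.
$cert = ConvertTo-SingleLineBase64 -PemText (Get-Content -Path $pemPath -Raw)
$new  = Test-SigningCertString -Base64 $cert
$new | Format-List Subject, Thumbprint, NotBefore, NotAfter

Connect-MsolService

# Record what is configured now so the change can be reviewed or reverted.
$before = Get-MsolDomainFederationSettings -DomainName $domain
"Previous signing certificate length: $($before.SigningCertificate.Length) characters"

Set-MsolDomainFederationSettings -DomainName $domain -SigningCertificate $cert

# Verify by thumbprint that the stored certificate is the one that was submitted.
$after  = Get-MsolDomainFederationSettings -DomainName $domain
$stored = Test-SigningCertString -Base64 $after.SigningCertificate
if ($stored.Thumbprint -eq $new.Thumbprint) {
    "Signing certificate updated: $($stored.Thumbprint), valid until $($stored.NotAfter)"
} else {
    Write-Warning "Stored thumbprint $($stored.Thumbprint) does not match $($new.Thumbprint)"
}
```

Confirm the thumbprint printed by `Format-List` against the certificate shown in the AdminUI before running the `Set-MsolDomainFederationSettings` line, since Azure AD will trust assertions signed with whatever certificate is submitted here.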