My ADFS token-signing (and token-decrypting) certificate is in the process of auto-rolling over - the secondary cert got generated last night and now shows in the ADFS console. The option to promote it to Primary (right-click on the cert, "Set as Primary") is greyed out, I assume because AutoCertificateRollover is enabled.

I know I have 5 days of a grace period, at the end of which the Secondary will be promoted to Primary. My question is, does the secondary cert actually get used during this 5-day stretch, or does it start getting used at the end, when it gets promoted? We have a few RPs that we need to update with the new CER manually, and I want to know whether this can happen now (inside the 5-day grace period) or at the end, when the secondary gets promoted. The former would be nice, because if it is the latter, that would mean I will have to update the RPs as soon as it rolls over; otherwise, if I am not mistaken, there will be an outage.

Thanks!


Solution

Both certs will be in the metadata, and WIF allows you to have more than one cert in the web.config. So the old one will be used until the switchover, then the new one will be used.
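The check implied by the answer, as an added example that is not part of the original question or answer: read the signing certificates ADFS publishes in its federation metadata, compare them with the `<trustedIssuers>` thumbprints in a WIF relying party's web.config, and report any signing certificate the RP does not yet trust. Everything in the block is constructed: the metadata and web.config are samples, the "certificates" are stand-in byte strings rather than real X.509 DER (the thumbprint is still computed the way ADFS and WIF do, SHA-1 over the DER bytes), the issuer name `adfs.example.com` is made up, and the WIF 4.5 `system.identityModel` configuration shape is assumed since the page does not say which WIF version the RPs use.

```python
"""Added example: does a WIF relying party trust every ADFS token-signing
certificate currently published in federation metadata?

If the list returned by missing_trusted_issuers() is non-empty, tokens signed
with that certificate will fail issuer validation at the RP once ADFS starts
using it, so the web.config must be updated before the switchover.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex: the thumbprint shown in the
    ADFS console and expected in the WIF <trustedIssuers> element."""
    return hashlib.sha1(der).hexdigest().upper()


# Constructed stand-ins for the old (primary) and new (secondary) token-signing
# certificates and the token-decrypting certificate. Real metadata carries
# base64-encoded X.509 DER here; the parsing below does not depend on content.
OLD_SIGNING_DER = b"constructed stand-in: old primary token-signing cert"
NEW_SIGNING_DER = b"constructed stand-in: new secondary token-signing cert"
ENCRYPTION_DER = b"constructed stand-in: token-decrypting cert"
OLD_THUMB = thumbprint(OLD_SIGNING_DER)
NEW_THUMB = thumbprint(NEW_SIGNING_DER)


def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode()


# Constructed federation metadata: during auto-rollover ADFS publishes both
# signing certificates (the answer's "both certs will be in the metadata").
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS_NS}"><X509Data>
      <X509Certificate>{_b64(OLD_SIGNING_DER)}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS_NS}"><X509Data>
      <X509Certificate>{_b64(NEW_SIGNING_DER)}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="encryption"><KeyInfo xmlns="{DS_NS}"><X509Data>
      <X509Certificate>{_b64(ENCRYPTION_DER)}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed WIF 4.5-style web.config that still trusts only the old cert.
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.identityModel><identityConfiguration>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="{OLD_THUMB}" name="http://adfs.example.com/adfs/services/trust" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration></system.identityModel>
</configuration>"""


def signing_thumbprints(metadata_xml: str) -> list[str]:
    """Thumbprints of every KeyDescriptor usable for signing. A KeyDescriptor
    without a use attribute is valid for both purposes, so it is included;
    use="encryption" (the token-decrypting cert) is skipped."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            der = base64.b64decode("".join(cert.text.split()))
            found.append(thumbprint(der))
    return found


def trusted_issuer_thumbprints(web_config_xml: str) -> set[str]:
    """Thumbprints listed under <trustedIssuers>, normalised the way WIF
    compares them (no spaces, case-insensitive hex)."""
    root = ET.fromstring(web_config_xml)
    return {
        add.get("thumbprint").replace(" ", "").upper()
        for issuers in root.iter("trustedIssuers")
        for add in issuers.findall("add")
        if add.get("thumbprint")
    }


def missing_trusted_issuers(metadata_xml: str, web_config_xml: str) -> list[str]:
    """Signing certificates published by ADFS that the RP does not trust yet."""
    trusted = trusted_issuer_thumbprints(web_config_xml)
    return [t for t in signing_thumbprints(metadata_xml) if t not in trusted]


def add_trusted_issuer(web_config_xml: str, thumb: str, name: str) -> str:
    """Return the web.config with an extra <add> so both certs are trusted."""
    root = ET.fromstring(web_config_xml)
    for issuers in root.iter("trustedIssuers"):
        ET.SubElement(issuers, "add", thumbprint=thumb, name=name)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("not yet trusted:", missing_trusted_issuers(SAMPLE_METADATA, SAMPLE_WEB_CONFIG))
    fixed = add_trusted_issuer(SAMPLE_WEB_CONFIG, NEW_THUMB, "http://adfs.example.com/adfs/services/trust")
    print("after adding the secondary:", missing_trusted_issuers(SAMPLE_METADATA, fixed))
```

Against a live deployment the same functions work on the real `FederationMetadata/2007-06/FederationMetadata.xml` document and the RP's actual web.config; the point of running it now rather than at promotion time is that, because WIF accepts several `<add>` entries, the new thumbprint can be added during the grace period without disturbing validation of tokens still signed by the old cert.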

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow