CRM 2011: ADFS certificate expiration – Yellow Warning Triangle in ADFS Management Console

ADFS uses standard SSL certificates to secure its communications. SSL certificates are not static, and often change on a yearly basis. This will cause the warning condition in the ADFS management console as seen below:

Once you enter the ADFS management console, under the relying party trust you will see:


Once you replace the certificate in the MMC or IIS Manager, the message will still be displayed after you restart the ADFS service. Using PowerShell, you can update the ADFS cache mechanism by entering the following commands:
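
As an added example (not the commands from the original post), the following PowerShell reports how many days remain on the certificates ADFS itself uses and on the certificates cached for each relying party trust, so a stale or expiring entry can be spotted before or after a certificate replacement. The 30-day threshold and the `New-CertRow` helper are assumptions made for this example.

```powershell
# Added example, not from the original post. Run on the ADFS server, elevated.
# ADFS 2.0 exposes its cmdlets through a snap-in; later versions load a module.
if (-not (Get-Command Get-ADFSCertificate -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
}

$WarnDays = 30          # assumed threshold; set to your renewal lead time
$Now      = Get-Date

# Hypothetical helper: turn one X509 certificate into a report row.
function New-CertRow($Scope, $Role, $Cert) {
    if ($null -eq $Cert) { return }   # trust has no certificate in this role
    $days   = [math]::Floor(($Cert.NotAfter - $Now).TotalDays)
    $status = if ($days -lt 0) { 'EXPIRED' }
              elseif ($days -le $WarnDays) { 'EXPIRING' }
              else { 'OK' }
    New-Object PSObject -Property @{
        Scope      = $Scope
        Role       = $Role
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        DaysLeft   = $days
        Status     = $status
    }
}

$rows = @(
    # Certificates the federation service itself uses
    # (service communications, token signing, token decrypting).
    foreach ($c in Get-ADFSCertificate) {
        New-CertRow 'ADFS service' $c.CertificateType $c.Certificate
    }
    # Certificates ADFS has cached for each relying party trust.
    foreach ($rp in Get-ADFSRelyingPartyTrust) {
        New-CertRow $rp.Name 'Encryption' $rp.EncryptionCertificate
        foreach ($sc in $rp.RequestSigningCertificate) {
            New-CertRow $rp.Name 'RequestSigning' $sc
        }
    }
)

# Soonest expiry first; compare thumbprints with the newly installed certificate.
$rows | Sort-Object DaysLeft |
    Format-Table Scope, Role, DaysLeft, Status, NotAfter, Thumbprint -AutoSize
```

A relying party row that still shows the old thumbprint after the certificate was replaced indicates that ADFS is holding the previous certificate for that trust.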


A great blog post from Rhys Goodwin about troubleshooting ADFS issues:

http://blog.rhysgoodwin.com/windows-admin/adfs-2-0-in-a-forest-trust-environment/