- Copy the exported certificate file to the UI server. Use the same exported certificate that was used for the Portal / Gateway article (export directions are below).
- Give the new ADFS token signing certificate a unique name (for example, include the year in the name). This will help distinguish it from previous ADFS certificates.
- Access the UI Admin site and select this instance of UI.
- Select the SAML2 Auth tab and then the Identity Provider tab.
- Select the Import button and then Browse.
- In the Windows Explorer window, select the drop down in the bottom right and change Custom Files (*.crt) to All Files (*.*).
- Browse to the location of the new ADFS token signing certificate and choose to Upload it.
- Close the import certificate window.
- Select the drop down for the Public Certificate File field and change it to the new ADFS token signing certificate.
- Click Save.
NOTE: Consider increasing the duration of auto-generated ADFS certificates so that the certificate doesn't expire every year. To do so, see the article How to increase the duration of ADFS auto-generated certificates.
Follow the steps below to add the new ADFS token signing certificate to UI.
- Open ADFS Management Panel.
- Expand Service.
- Click on Certificates.
- Select the PRIMARY Token Signing Certificate and right click on it.
- Click on View Certificate.
- Click on the Details tab and then Copy to File.
- Select Next and then select Base-64 Encoded X.509 format.
- Click on Next and save it to a directory.
- Follow the prompts until it says "The Export was Successful".
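
Before copying the exported file to the UI server, it is worth confirming on the ADFS server that the file is Base-64 encoded and matches the PRIMARY token signing certificate. The script below is an added example, not part of the original article; the export path and the 30-day warning threshold are assumptions to adjust.

```powershell
# Added example: sanity-check the exported token signing certificate.
# Run in an elevated PowerShell session on the ADFS server.
$ExportPath = 'C:\Temp\adfs-token-signing.cer'   # hypothetical path: use the one chosen in the export wizard
$WarnDays   = 30                                 # assumed warning threshold

$fullPath = (Resolve-Path -LiteralPath $ExportPath).Path

# 1. The wizard step asks for Base-64 encoded X.509; a DER export has no PEM header.
$firstLine = Get-Content -LiteralPath $fullPath -TotalCount 1
if ($firstLine -notmatch '^-----BEGIN CERTIFICATE-----') {
    throw "Not a Base-64 encoded X.509 file. Re-export and select Base-64 Encoded X.509."
}

# 2. Load the exported certificate (public part only).
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

# 3. Compare it with the certificate ADFS currently marks as primary for token signing.
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
if (-not $primary) {
    throw "No primary token signing certificate returned by Get-AdfsCertificate."
}
if ($exported.Thumbprint -ne $primary.Thumbprint) {
    throw "Exported file ($($exported.Thumbprint)) is not the primary token signing certificate ($($primary.Thumbprint))."
}

# 4. Report validity so the next rollover can be planned.
$daysLeft = [int]($exported.NotAfter - (Get-Date)).TotalDays
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Certificate expires in $daysLeft days ($($exported.NotAfter))."
}

[pscustomobject]@{
    Subject    = $exported.Subject
    Thumbprint = $exported.Thumbprint
    NotBefore  = $exported.NotBefore
    NotAfter   = $exported.NotAfter
    DaysLeft   = $daysLeft
}
```

Record the thumbprint from the output; it can be compared against the certificate details after the file is imported on the UI Admin site.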