What is SSL certificate and why it’s important?
An SSL certificate, which stands for Secure Sockets Layer certificate, is a digital certificate that enables secure communication between a web browser and a web server. It ensures that any data transmitted between the browser and server remains encrypted and cannot be intercepted or tampered with by malicious third parties.
SSL certificates are primarily used to establish a secure connection for websites that handle sensitive information, such as personal details, financial transactions, or login credentials. When a website has an SSL certificate installed, it enables the HTTPS protocol (HyperText Transfer Protocol Secure) instead of the unsecured HTTP protocol, indicating that the connection is encrypted.
The SSL certificate is issued by a trusted third-party certificate authority (CA) after verifying the identity of the certificate applicant. It contains the following information:
- Domain name: The SSL certificate is bound to a specific domain or subdomain.
- Organization name: The legal entity or organization associated with the website.
- Certificate authority: The trusted entity that issued the certificate.
- Public key: The public encryption key used for secure communication.
- Expiration date: SSL certificates have a validity period, typically ranging from a few months to a few years.
- Digital signature: A cryptographic signature created by the certificate authority to ensure the authenticity of the certificate.
When a user visits a website with an SSL certificate, their browser checks the validity and authenticity of the certificate. If everything checks out, a secure connection is established, and data transmitted between the browser and server is encrypted to protect it from unauthorized access.
What we require to get SSL certificate:
1: Create CSR file for certificate using an DigiCert application (DigicertCutil.exe)
2: Now we can go to SSL provider (Godaddy, Digicert, Sectigo etc.) to upload the CSR file and get SSL certificate.
3: Once you have the SSL certificate files. Then we require to decrypt and get the PFX file. This process can be done from the same PC where CSR file was created.
Once you have PFX file then we can install or deploy it on ADFS in our scenario.
How we can deploy or install:
1: Go to CMMC and import certificate to personal, the one I deployed is the highlighted one:
2: Copy the thumbprint value of the certificate and run the below PS cmd to update the certificate:
3: Now you can run the below PS cmd to check the certificate is updated for ADFS or not:
netsh http show sslcert
4: Now run the below PS cmd to check the Certificates in local Directory:
PS C:\Windows\system32> dir Cert:\LocalMachine\My\
5: Now we need to update the certificate for service communication by running the below PS cmd:
PS C:\Windows\system32> Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint EAAA5B769827A65E612803007E941xxxxxxxxx
WARNING: PS0038: This action requires a restart of the AD FS Windows Service. If you have deployed a federation server farm, restart the service on every server in the farm.
6: Now login to web proxy server and install the Certificate the same way we did on ADFS.
7: Now run the below PS cmd to update the web application proxy ssl certificate with new certificate thmbprint
Now, update the certificate in cloud as well for federation to work properly:
1: Open PowerShell and connect to Connect-MsolService
2: Run this command on the Primary ADFS server
Set-MSOLADFScontext -computer <FQDN>
3: Run Update-MsolFederatedDomain -DomainName Domain.com
This command will update the ADFS configuration into the cloud.
The last thing what we require to do is, restart the ADFS service and web proxy application service:
1: go to Services.msc
2: Look for ADFS service and restart it on ADFS server.
3: Look for web proxy application service and restart it on Proxy server.
Now we are good to go with updated certificate.
Thank you for reading this interesting blog. If any query or concern. Feel free to comment or email.
Regards
HARISH KUMAR