There are different ways to get this wrong.
The Problem
We need to change a TLS certificate that is used by ADFS to a new one.
The Solution
First of all, import your new TLS certificate and private key.
Open command prompt (CMD) as administrator and execute the following command (where lisenet.com.pfx is the file we want to import):
certutil -importpfx lisenet.com.pfx AT_KEYEXCHANGE
Make sure to provide the password used to protect the PFX file.
Open PowerShell as administrator and execute the following command:
Set-ADFSProperties -AutoCertificateRollover $false
Find the new certificate’s thumbprint (see the image below for more info).
Set ADFS certificate using the thumbprint:
Set-AdfsSslCertificate -Thumbprint 881654f591f8bf73359524f46008e20509df08a5
Undo previous changes and restart the ADFS service:
Set-ADFSProperties -AutoCertificateRollover $true
Restart-Service ADFSSRV
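The whole procedure above as one PowerShell script, added here as an example and not part of the original post. It swaps certutil for Import-PfxCertificate so the thumbprint can be read from the returned certificate object instead of by hand, and checks the certificate and the resulting binding before and after the switch; the file name lisenet.com.pfx and the subject CN=lisenet.com are assumptions taken from the post.

```powershell
# Added example (not from the original post): the post's steps end to end, with checks.
# Assumptions: the PFX is .\lisenet.com.pfx and its subject is CN=lisenet.com.
$PfxPath = ".\lisenet.com.pfx"
$Subject = "CN=lisenet.com"

# Import into the machine store; Read-Host keeps the PFX password out of the command line
# and out of the PowerShell history.
$PfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My `
            -Password $PfxPassword |
        Where-Object { $_.HasPrivateKey } | Select-Object -First 1

# Sanity checks before touching ADFS: a key-bearing, unexpired certificate with the expected subject.
if (-not $cert) { throw "No certificate with a private key was imported from $PfxPath." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
if ($cert.Subject -ne $Subject) { Write-Warning "Subject is $($cert.Subject), expected $Subject." }

$Thumbprint = $cert.Thumbprint
Write-Host "Using thumbprint $Thumbprint"

# The post's steps: disable automatic rollover, bind the new certificate, re-enable, restart.
# Set-AdfsSslCertificate changes the binding on this server only, so repeat on every
# federation server in the farm.
Set-AdfsProperties -AutoCertificateRollover $false
Set-AdfsSslCertificate -Thumbprint $Thumbprint
Set-AdfsProperties -AutoCertificateRollover $true
Restart-Service -Name adfssrv

# Verify that the SSL binding now reports the new thumbprint.
$bound = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -eq $Thumbprint }
if (-not $bound) { throw "ADFS SSL binding does not show thumbprint $Thumbprint." }
$bound | Format-Table HostName, PortNumber, CertificateHash
```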