Version: On prem: 15.0.3

AD Federation troubleshooting

Troubleshooting

Sometimes the ADFS endpoint may use the wrong SSL certificate: the application uses the local machine certificate instead of the one passed during the initial configuration. This happens because ADFS version 3.0 uses HTTP.SYS instead of IIS.

After running the netsh http show sslcert command, you can see that the certificate for IP 127.0.0.1:443 is the local machine certificate and that it overrides the other configured certificates. Delete this binding using the command netsh http delete sslcert ipport=127.0.0.1:443 and the endpoints should start using the proper certificate.
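
The same check and deletion as a guarded PowerShell script, added here as an example and not taken from the product documentation: it reads the 127.0.0.1:443 binding, compares its certificate hash with the certificate you expect, and deletes the binding only on a mismatch. It assumes English-language netsh output; $ExpectedThumbprint is a placeholder you must fill in, and the backup file name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Assumes English-language netsh output.
$IpPort = '127.0.0.1:443'
# Placeholder: thumbprint of the certificate passed during initial configuration.
$ExpectedThumbprint = '<CONFIGURED-CERT-THUMBPRINT>'
# Hypothetical file name for the record of the binding taken before deletion.
$BackupFile = Join-Path $PWD 'sslcert-127.0.0.1-443.before.txt'

$expected = ($ExpectedThumbprint -replace '\s', '').ToUpper()

# Ask HTTP.SYS for this one binding and extract its "Certificate Hash" field.
$output = netsh http show sslcert "ipport=$IpPort"
$match  = $output | Select-String -Pattern 'Certificate Hash\s*:\s*([0-9A-Fa-f]{40})' |
          Select-Object -First 1

if (-not $match) {
    Write-Output "No binding found for $IpPort; nothing to delete."
}
else {
    $boundHash = $match.Matches[0].Groups[1].Value.ToUpper()

    # Show which certificate in the local machine store the binding points at.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $boundHash }
    if ($cert) {
        Write-Output "Bound certificate: $($cert.Subject), expires $($cert.NotAfter)"
    }
    else {
        Write-Output "Bound hash $boundHash is not in Cert:\LocalMachine\My"
    }

    if ($boundHash -eq $expected) {
        # The binding already serves the intended certificate; leave it alone.
        Write-Output "$IpPort already uses the configured certificate."
    }
    else {
        # Keep a record of the old binding, then remove it.
        $output | Set-Content -Path $BackupFile
        netsh http delete sslcert "ipport=$IpPort"
        if ($LASTEXITCODE -ne 0) { throw "netsh failed to delete $IpPort" }

        # List the remaining bindings to confirm the entry is gone.
        netsh http show sslcert
    }
}
```

Run it from an elevated PowerShell session on the ADFS server; the saved file holds the old binding's certificate hash and application ID in case it has to be restored.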