Set-AdfsAlternateTlsClientBinding

Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication.

Syntax

Default (Default)

Set-AdfsAlternateTlsClientBinding
    [-Thumbprint <String>]
    [-Member <String[]>]
    [-Force <Boolean>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Set-AdfsAlternateTlsClientBinding cmdlet configures an existing AD FS deployment to use the same port (443) for both device certificate and client certificate authentication (client TLS). The cmdlet creates an endpoint for user certificate authentication on certauth.<federation service name>, such as certauth.contoso.com.

To change the deployment back to one in which user certificate authentication uses a non-standard port, use the Set-AdfsSslCertificate cmdlet with a new certificate that does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>.

The Install-AdfsFarm cmdlet configures client TLS on port 49443 if the SSL certificate does not contain a Subject Alternative Name (SAN) for certauth.<federation service name>, such as certauth.contoso.com.

Use Set-AdfsAlternateTlsClientBinding with a new certificate that contains the SAN entry. It will configure AD FS to use port 443 for client TLS.
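The following is an added example, not part of the cmdlet reference, showing the check a practitioner would want before moving client TLS from port 49443 to port 443: it reads the federation service name and the currently bound SSL certificate, confirms that the certificate carries a SAN for certauth.<federation service name>, previews the change with -WhatIf, applies it, and then lists the resulting binding. It assumes it runs on an AD FS server with the ADFS module available, that the bound certificate is present in the LocalMachine\My store, and that the server name in $members is a placeholder for your own farm members.

```powershell
# Added example (not from the cmdlet reference): confirm the SSL certificate
# has the certauth.<federation service name> SAN before binding client TLS
# to port 443, then verify the result.
# Assumptions: ADFS module loaded on an AD FS server; the bound certificate is
# in LocalMachine\My; $members holds placeholder farm member names.

$members = @('ADFSServer1.contoso.com')   # placeholder farm member(s)

# Federation service name, e.g. fs.contoso.com
$fsName   = (Get-AdfsProperties).HostName
$certauth = "certauth.$fsName"

# Thumbprint of the certificate currently bound as the AD FS SSL certificate
$thumbprint = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
$cert       = Get-Item "Cert:\LocalMachine\My\$thumbprint"

# DnsNameList is populated by the certificate provider from the SAN extension
$sans = $cert.DnsNameList | ForEach-Object { $_.Unicode }

if ($sans -notcontains $certauth) {
    # Without this SAN the cmdlet cannot create the certauth endpoint on 443;
    # client TLS would remain on port 49443.
    throw "Certificate $thumbprint has no SAN for $certauth. SANs present: $($sans -join ', ')"
}

# Preview the change, then apply it without the confirmation prompt
Set-AdfsAlternateTlsClientBinding -Member $members -Thumbprint $thumbprint -WhatIf
Set-AdfsAlternateTlsClientBinding -Member $members -Thumbprint $thumbprint -Force $true

# Verify: the certauth host name should now be bound on port 443
Get-AdfsSslCertificate |
    Where-Object { $_.HostName -like 'certauth.*' } |
    Format-Table HostName, PortNumber, CertificateHash
```

Run the script on one farm member and pass every member's name in $members so the binding is consistent across the farm. To revert, follow the reference text above: use Set-AdfsSslCertificate with a certificate that does not contain the certauth SAN.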

Examples

Example 1: Configure a deployment

PS C:\> Set-AdfsAlternateTlsClientBinding -Member "ADFSServer1.contoso.com" -Thumbprint "c67e1ffba186d70c7e00c89596e0cb5645f9874a"

This command configures a deployment to use the same port for device certificate authentication and user certificate authentication. In this example, the certificate that has the specified thumbprint contains a SAN for certauth.contoso.com.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Member

Specifies an array of AD FS server names on which to configure the binding. In Example 1 the value is "ADFSServer1.contoso.com".

Parameter properties

Type:String[]

Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Thumbprint

Specifies the thumbprint of the SSL certificate to bind. The certificate must contain a Subject Alternative Name (SAN) for certauth.<federation service name>; in Example 1 the certificate with the specified thumbprint contains a SAN for certauth.contoso.com.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.