*.kingsltd.co.uk cert expires 12/03/2026
ADFS SSL cert renewal next: 12th March 2026
https://fs.kingsltd.co.uk/adfs/ls/ internally points to 172.30.252.46
List of servers to install certs to:
CS-ADFS02 - 172.30.252.44
GB-P-WAP01
RS-ADFS02 - 172.30.252.45
GB-P-WAP02
First, you need to obtain the new certificate. You can get it by submitting a certificate signing request (CSR) to a third party, public certificate provider. There are various ways to generate the CSR, including from a Windows 7 or higher computer. Your vendor should have documentation for this process.
After you get the response from your certificate provider, import it to the local machine store on each AD FS and WAP server.
Log in to one of the AD FS servers, open PowerShell and run the following command to find the primary AD FS server:
Get-AdfsSyncProperties

On the primary AD FS server, use the following cmdlet to install the new SSL certificate:
Set-AdfsSslCertificate -Thumbprint "thumbprint of new cert"
As the output says, you need to restart the service. Run:
Restart-Service adfssrv -Force
This will update the other ADFS server. It is not yet confirmed whether the WAP servers are updated as well; next time this is done, give it 5 minutes, then retry the website and check the SSL cert:
https://fs.kingsltd.co.uk/adfs/ls
This will update all details internally. Cloudflare will need to be updated with the same cert (working on these details now).
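One way to confirm which servers are actually presenting the new certificate after the restart, including the WAP servers (an added example, not part of the original runbook). It assumes the server names listed above resolve from the machine it runs on, that each server listens on port 443 with TLS 1.2, and `$ExpectedThumbprint` is a placeholder for the thumbprint passed to `Set-AdfsSslCertificate`.

```powershell
# Added example, not part of the original runbook.
$FederationName     = 'fs.kingsltd.co.uk'          # host name from the URL on this page
$ExpectedThumbprint = '<thumbprint of new cert>'   # placeholder: value given to Set-AdfsSslCertificate
# Names from the server list on this page; assumes they resolve from where this runs.
$Servers = 'CS-ADFS02', 'RS-ADFS02', 'GB-P-WAP01', 'GB-P-WAP02'

function Get-ServedCertificate {
    param([string]$Server, [string]$SniName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        # Accept whatever is presented: the aim is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            # $SniName goes out as SNI, so the server answers with its federation binding.
            $ssl.AuthenticateAsClient($SniName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{ Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Thumbprints pasted from the certificate dialog can carry spaces or an invisible
# leading character, so keep only the hex digits before comparing.
$expected = $ExpectedThumbprint -replace '[^0-9A-Fa-f]'

$results = foreach ($server in $Servers) {
    try {
        $served = Get-ServedCertificate -Server $server -SniName $FederationName
        [pscustomobject]@{
            Server = $server; Thumbprint = $served.Thumbprint; NotAfter = $served.NotAfter
            Renewed = ($served.Thumbprint -eq $expected); Error = $null
        }
    } catch {
        [pscustomobject]@{
            Server = $server; Thumbprint = $null; NotAfter = $null
            Renewed = $false; Error = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize
```

Any row with `Renewed` set to `False` is a server still serving the old certificate or not reachable; the `Error` column distinguishes the two.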
Old, outdated info below. Ignore unless required as a backup.
ADFS Servers - VLAN111-RS CS Shared Servers
CS-ADFS02 - 172.30.252.44
cs-aads01.kingsltd.co.uk - 172.30.252.47
cs-haproxy-int1 - 172.30.252.21 and 172.30.252.20 (Ubuntu)
cs-ssis03.kingsltd.co.uk - 172.30.252.33 and 172.30.252.35
cs-test-haproxy-int1 - Ubuntu powered off
cs-wap01.kingsltd.co.uk Ubuntu - 172.30.252.40 plus in vlan VM VLAN22-DMZ-FWC2 - 172.25.2.27 with server cs-haproxy-dmz2 Ubuntu - (Dymension) - 172.25.2.30 and 172.25.2.29
VLAN111-RS CS Shared Servers
RS-ADFS02 - 172.30.252.45
rs-haproxy-int1 - 172.30.252.22 (Ubuntu)
rs-test-haproxy-int1 - 172.30.252.32 (Ubuntu)
rs-wap01 - 172.30.252.41 + VM VLAN22-DMZ-FWC2 using ip 172.25.2.28
Also in that vlan (VM VLAN22-DMZ-FWC2) rs-haproxy-dmz2 Ubuntu (Dymension) - 172.25.2.31
## Overview
ADFS provides an on-premises authentication mechanism for Azure AD.
The web interface uses an SSL certificate from Let's Encrypt that lasts 90 days. The certificate can be viewed via [https://fs.kingsltd.co.uk/adfs/ls/](https://fs.kingsltd.co.uk/adfs/ls/).
## Process
To renew the certificate use Ansible via SSH. This will update the certificate on the WAP and ADFS servers.
1. SSH to Ansible1 ([Credentials](https://idash.eu.itglue.com/3072062628233418/passwords/3202341766562047)) and run the command:
```
ansible-playbook playbooks/adfs.yml -i environments/prod/hosts.yml
```
2. Check the website [https://fs.kingsltd.co.uk/adfs/ls](https://fs.kingsltd.co.uk/adfs/ls) and verify the certificate has been replaced. Note: The webpage will always return “an error has occurred”; this can be ignored if just renewing the certificate.

Check the cert is now Valid - Done
Password is Welcome123 for the PFX cert