Troubleshooting HTTP.SYS – How to delete an old SSL certificate binding?
Symptom: on the internal ADFS server the SSL certificate was replaced with the Set-AdfsSslCertificate cmdlet, but Get-AdfsSslCertificate still lists a binding with the old thumbprint for the old hostname (adfslab.myolddomain.com).
This stale binding raises an alert in Azure AD Connect Health.
There is no ADFS cmdlet to remove the old binding: Set-AdfsSslCertificate updates the bindings for the current federation service name and leaves bindings for other hostnames in place. The fix is to remove them directly from HTTP.SYS with netsh http.
Reference: netsh commands for HTTP: https://msdn.microsoft.com/fr-fr/library/windows/desktop/cc307236(v=vs.85).aspx
netsh http show sslcert ; lists all SSL bindings held by HTTP.SYS (Hostname:port or IP:port, certificate hash, application ID)
In our case, we want to remove every binding associated with adfslab.myolddomain.com, on port 443 and on port 49443 (the ADFS certificate authentication port).
In general, an IP-based binding is removed with: netsh http delete sslcert ipport=w.x.y.z:443
ADFS uses SNI (hostname) bindings, so the hostnameport= form applies. In our case:
netsh http delete sslcert hostnameport=adfslab.myolddomain.com:443
netsh http delete sslcert hostnameport=adfslab.myolddomain.com:49443
Check again with Get-AdfsSslCertificate: only the current federation service name with the new thumbprint should remain.
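The same procedure (list, remove the stale bindings, verify) as a single PowerShell script. This is an added example, not part of the original note: it filters on the objects returned by Get-AdfsSslCertificate (assumed here to expose HostName, PortNumber and CertificateHash properties, so the script does not depend on the localized text output of netsh), refuses to touch the hostname the farm is currently configured for, and then runs the same netsh http delete sslcert commands as above for each stale binding. The certauth.<hostname> alias handled alongside the old hostname is an assumption for 2016+ farms using alternate hostname binding; on the farm described in the note only the two bindings listed above exist. Run it from an elevated PowerShell prompt on the ADFS server, first with -WhatIf.

```powershell
<#
Added example (not from the original note): purge the HTTP.SYS SSL bindings that
Set-AdfsSslCertificate leaves behind for a former federation service name.
Assumptions: Get-AdfsSslCertificate returns one object per binding with HostName,
PortNumber and CertificateHash; Get-AdfsProperties exposes the current name as HostName.
Usage:  .\Remove-StaleAdfsSslBinding.ps1 -OldHostName adfslab.myolddomain.com -WhatIf
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Former federation service hostname whose bindings are stale, e.g. adfslab.myolddomain.com
    [Parameter(Mandatory = $true)]
    [string]$OldHostName
)

# Safety check: never delete the bindings of the name the farm is currently using.
$currentHost = (Get-AdfsProperties).HostName
if ($OldHostName -eq $currentHost) {
    throw "'$OldHostName' is the current federation service name; refusing to delete its bindings."
}

# Stale = binding for the old hostname itself, on any port (443 and 49443 in the note),
# or for its certauth.<hostname> alias (assumption: present on 2016+ farms with
# alternate hostname binding enabled).
$stale = Get-AdfsSslCertificate | Where-Object {
    $_.HostName -eq $OldHostName -or $_.HostName -eq "certauth.$OldHostName"
}

if (-not $stale) {
    Write-Host "No bindings for '$OldHostName' remain in HTTP.SYS."
    return
}

Write-Host "Stale bindings to remove:"
$stale | Format-Table HostName, PortNumber, CertificateHash -AutoSize | Out-String | Write-Host

foreach ($binding in $stale) {
    $endpoint = "$($binding.HostName):$($binding.PortNumber)"
    # ShouldProcess honours -WhatIf / -Confirm, so the list can be reviewed before anything is deleted.
    if ($PSCmdlet.ShouldProcess($endpoint, "netsh http delete sslcert")) {
        # hostnameport= targets an SNI binding, which is what ADFS creates;
        # an IP-based binding would need ipport= instead.
        netsh http delete sslcert hostnameport=$endpoint
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "netsh exited with code $LASTEXITCODE while deleting $endpoint"
        }
    }
}

# Verify: only the current hostname (and its aliases) with the new thumbprint should be listed.
Write-Host "Remaining ADFS SSL bindings:"
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
```

Deleting a binding only removes the HTTP.SYS registration; the old certificate itself stays in the local machine store and can be removed separately once nothing else references it.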