Troubleshooting HTTP.SYS – How to delete an old SSL cert?

Symptom: On an internal ADFS server, the SSL certificate has been replaced with a new one using the Set-AdfsSslCertificate cmdlet, but Get-AdfsSslCertificate still displays the old thumbprint and

This error causes an error in Azure AD Connect Health.


There is no dedicated ADFS cmdlet to remove this old thumbprint. The solution is to use netsh http to manage the HTTP.SYS web server.

Reference: netsh commands for HTTP:

netsh http show sslcert  (lists all SSL bindings)

In our case, we want to remove all bindings associated to


In general, the command is: netsh http delete sslcert ipport=w.x.y.z:443

In our case:

Netsh http delete sslcert

Netsh http delete sslcert

Verify with the Get-AdfsSslCertificate cmdlet.
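
The procedure above as an added PowerShell example (not part of the original post): it parses `netsh http show sslcert` output, finds every binding whose certificate hash matches the old thumbprint, and prints the matching `netsh http delete sslcert` command for review. Assumptions: English-language netsh output; the helper name `Get-StaleSslBinding` is hypothetical; the sample output, hostname and thumbprints are constructed.

```powershell
# Added example: print the netsh delete command for every HTTP.SYS binding
# that still references an old certificate. Assumes English netsh output.
# Constructed value for the sample below; on a real server use the old
# thumbprint that Get-AdfsSslCertificate still reports.
$OldThumbprint = '2222222222222222222222222222222222222222'

# Constructed sample of 'netsh http show sslcert' output (not a real server).
# On the ADFS server use instead:  $lines = netsh http show sslcert
$lines = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : adfs.example.test:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000001}

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000001}
'@ -split '\r?\n'

function Get-StaleSslBinding {   # hypothetical helper name
    param([string[]]$NetshOutput, [string]$Thumbprint)
    $binding = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            # A new binding record starts; ipport= and hostnameport= are the
            # matching 'netsh http delete sslcert' parameters.
            $kind = if ($Matches[1] -eq 'IP:port') { 'ipport' } else { 'hostnameport' }
            $binding = [pscustomobject]@{ Kind = $kind; Endpoint = $Matches[2] }
        }
        elseif ($binding -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)\s*$') {
            if ($Matches[1] -ieq $Thumbprint) {
                [pscustomobject]@{
                    Endpoint      = $binding.Endpoint
                    DeleteCommand = "netsh http delete sslcert $($binding.Kind)=$($binding.Endpoint)"
                }
            }
            $binding = $null   # hash seen; wait for the next record
        }
    }
}

# Review the output before running any of the printed commands.
Get-StaleSslBinding -NetshOutput $lines -Thumbprint $OldThumbprint | Format-Table -AutoSize
```

The script only prints the delete commands; run them from an elevated prompt after confirming that each listed binding should be removed.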