In Active Directory Federation Services (ADFS)—and other Windows Server subsystems that use certificates—an admin often has to provide certificate “thumbprints” (a hash of the public key) to applications for use in communicating with ADFS. Applications use the thumbprint to validate the certs they receive from the various relying parties.
Unfortunately, this cannot be accomplished by cutting and pasting the thumbprint from the management console’s certificate snap-in to the app’s web.config file. When you use the clipboard to cut-and-paste a certificate thumbprint, you get an invisible Unicode character. When you paste the info into your app’s connection definition, you won’t see the Unicode character and it won’t connect.
Fortunately, there’s an easy, one-liner PowerShell script you can run to obtain the thumbprint you need: Get-AdfsCertificate. Get-AdfsCertificate outputs an object containing the thumbprint for each of its certs.
Here’s a PowerShell script that pipes the output to a .csv file along with the cert type. Note the -Encoding ASCII parameter in the Get-AdfsCertificate pipeline.
For your copy-and-pasting convenience:
Get-AdfsCertificate | Select-Object CertificateType, Thumbprint | Export-Csv -Path c:\temp\adfsthumbs.csv -Encoding ASCII -NoTypeInformation
Please copy the thumbprint into the appropriate district/BOCES SharePoint ADFS folder that SchoolFront has created for you.
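
If a thumbprint has already been pasted into a config file, the invisible character described above can be found and removed with a short check. This is an added example, not part of the original post: the function name Get-ThumbprintReport is hypothetical, the sample value is constructed, and the use of U+200E (left-to-right mark) and of spaces between byte pairs are assumptions about what a pasted value looks like.

```powershell
# Added example (not from the original post): report hidden characters in a
# pasted thumbprint and return the cleaned hex string.
function Get-ThumbprintReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Value
    )
    process {
        # Collect every character that is not a hex digit, with position and code point.
        $unexpected = for ($i = 0; $i -lt $Value.Length; $i++) {
            $c = $Value[$i]
            if ($c -notmatch '^[0-9A-Fa-f]$') {
                [pscustomobject]@{
                    Index     = $i
                    CodePoint = 'U+{0:X4}' -f [int]$c
                    Category  = [char]::GetUnicodeCategory($c)
                }
            }
        }
        # Keep only hex digits; upper-case to match the Thumbprint property format.
        $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        [pscustomobject]@{
            Clean            = $clean
            Length           = $clean.Length
            # Windows certificate thumbprints are 40 hex digits (SHA-1).
            IsExpectedLength = ($clean.Length -eq 40)
            Unexpected       = @($unexpected)
        }
    }
}

# Constructed sample: a made-up 40-digit value with an assumed U+200E prefix
# and spaces between byte pairs.
$pasted = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"

$report = Get-ThumbprintReport -Value $pasted
$report.Unexpected | Format-Table Index, CodePoint, Category
$report | Select-Object Clean, Length, IsExpectedLength
```

The same function can be pointed at a value read from web.config; any row in the Unexpected table with a Category of Format is a character that will not be visible in an editor.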