I'm curious about how others are handling the shorter lifetimes for SSL certificates, specifically regarding ADFS SSL certificates. My main focus is on the internal SSL certs and the certificates for the Web Application Proxies (WAP), along with the service communication certificate, especially since our third-party CA is reducing certificate lifespans. We're in the process of migrating our applications to Azure, but we still have quite a bit tied up in ADFS.
1 Answer
If you're managing internal resources, why not use your own internal CA for longer certificate lifetimes? For the external certificates on Windows devices, we've been using automated tools like Let's Encrypt with ACME clients. It’s not the easiest setup for everyone, though!

True, but if you're using WAP for app publishing, you might hit warnings from browsers for longer lifetimes. The ADFS server redirection could also show issues if the cert doesn't meet browser expectations.
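As an added illustration of the ACME-on-Windows approach the answer describes (this is example code, not something posted by the answerer or shipped with AD FS), the script below renews the AD FS SSL and service communication certificates with the Posh-ACME module, pushes the result to the Web Application Proxies, and then checks what each node actually presents. It assumes AD FS 2016 or later with the script scheduled on the primary federation server; the hostnames, contact address, DNS plugin name and arguments, WAP names and service account are placeholders to replace with your own. Posh-ACME cmdlets and the AD FS/WAP cmdlets used are real; everything else is an assumption marked in the comments.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the primary AD FS (2016+) server as a scheduled task.
# Assumed placeholders: hostnames, contact, DNS plugin and its args, WAP names, service account.
# Posh-ACME (https://github.com/rmbolger/Posh-ACME) must be installed. DNS-01 is used because
# AD FS does not serve HTTP on port 80, so an HTTP-01 challenge would have nowhere to land.
param(
    [string[]]  $Domain         = @('adfs.example.com', 'certauth.adfs.example.com'),
    [string]    $Contact        = 'mailto:pki@example.com',
    [string]    $Plugin         = 'Route53',                  # any Posh-ACME DNS plugin name
    [hashtable] $PluginArgs     = @{},                        # credentials per that plugin's docs
    [string]    $PfxPass        = 'replace-me',               # protects the PFX pushed to the WAPs
    [string]    $ServiceAccount = 'CONTOSO\svc_adfs$',        # account running adfssrv (gMSA here)
    [string[]]  $WapServers     = @('wap01.example.com', 'wap02.example.com')
)

Import-Module Posh-ACME
Set-PAServer LE_PROD

# Step 1: the first run orders the certificate; later runs renew only inside the renewal window.
# -Install puts the cert into Cert:\LocalMachine\My on this host; Posh-ACME repeats that on renewal.
$cert = if (-not (Get-PACertificate -MainDomain $Domain[0] -ErrorAction SilentlyContinue)) {
    New-PACertificate -Domain $Domain -Contact $Contact -AcceptTOS `
        -Plugin $Plugin -PluginArgs $PluginArgs -PfxPass $PfxPass -Install
} else {
    Submit-Renewal -MainDomain $Domain[0]    # returns $null when nothing was renewed
}
if (-not $cert) { Write-Host 'Certificate not yet due for renewal, nothing to do.'; return }
$thumb = $cert.Thumbprint

# Step 2: guard against the browser caveat raised in the thread. Publicly trusted leaf certs
# issued after 2020-09-01 must not exceed 398 days or Chrome/Safari reject them; Let's Encrypt
# issues 90-day certs, so this only trips if someone points the script at another CA.
$x509 = Get-Item "Cert:\LocalMachine\My\$thumb"
if (($x509.NotAfter - $x509.NotBefore).TotalDays -gt 398) { throw "Lifetime exceeds 398 days: $thumb" }
if ($x509.DnsNameList.Unicode -notcontains $Domain[0])     { throw "SAN does not cover $($Domain[0])" }

# Step 3: adfssrv will not start if the service account cannot read the private key.
# CNG keys live under ...\Crypto\Keys, legacy CSP keys under ...\Crypto\RSA\MachineKeys.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($x509)
$keyFile = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
} else {
    Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
}
& icacls $keyFile /grant "${ServiceAccount}:R" | Out-Null

# Step 4: swap both certificates on the farm. On AD FS 2016+ Set-AdfsSslCertificate updates the
# HTTP.sys bindings on every node; on 2012 R2 it only touches the local node, so run it on each.
Set-AdfsSslCertificate -Thumbprint $thumb
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumb
Restart-Service adfssrv

# Step 5: push the full-chain PFX to each WAP and rebind. The WAP proxy trust certificate is a
# separate, self-issued client certificate and is not touched here.
$pfxBytes = [IO.File]::ReadAllBytes($cert.PfxFullChain)
Invoke-Command -ComputerName $WapServers -ArgumentList $pfxBytes, $PfxPass, $thumb -ScriptBlock {
    param([byte[]]$bytes, [string]$pass, [string]$thumb)
    $tmp = Join-Path $env:TEMP "adfs-$thumb.pfx"
    [IO.File]::WriteAllBytes($tmp, $bytes)
    try {
        Import-PfxCertificate -FilePath $tmp -CertStoreLocation Cert:\LocalMachine\My `
            -Password (ConvertTo-SecureString $pass -AsPlainText -Force) | Out-Null
        Set-WebApplicationProxySslCertificate -Thumbprint $thumb
    } finally { Remove-Item $tmp -Force -ErrorAction SilentlyContinue }
}

# Step 6: verify by handshaking with each node directly, sending the federation name as SNI,
# so a WAP that silently kept the old binding shows up instead of hiding behind the load balancer.
function Test-PresentedThumbprint {
    param([string]$Server, [string]$SniName)
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true })
    try {
        $ssl.AuthenticateAsClient($SniName)
        (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)).Thumbprint
    } finally { $ssl.Dispose(); $tcp.Dispose() }
}
foreach ($node in @($env:COMPUTERNAME) + $WapServers) {
    $seen = Test-PresentedThumbprint -Server $node -SniName $Domain[0]
    if ($seen -ne $thumb) { Write-Warning "$node still presents $seen" } else { Write-Host "$node OK ($thumb)" }
}
```

The validation callback in the probe deliberately accepts any chain: the point of that step is to compare thumbprints per node, not to re-validate trust. For internal-only relying parties the answer's first suggestion still applies; this script only covers the externally facing names that the third-party CA's shorter lifetimes affect.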