Reputation: 2630
I am trying to configure ADFS to use a wildcard SSL certificate.
I can see the thumbprint of the cert:
C:\temp\SAML> dir cert:\Localmachine\My\
PSParentPath: Microsoft.PowerShell.Security\Certificate::Localmachine\My
Thumbprint Subject
---------- -------
950CB19E429B5A409FD9650B08E873B23FE1082D CN=*.mydomain.com
But when I try to install it as the SSL Certificate, I see the following error:
C:\temp\SAML> Set-AdfsSslCertificate -Thumbprint 950CB19E429B5A409FD9650B08E873B23FE1082D
Set-AdfsSslCertificate : PS0317: One or more of AD FS servers returned errors during execution of command
'Set-AdfsSslCertificate'. Error information: PS0316: AD FS Server: 'localhost', Error: 'The SSL certificate specified by
thumbprint 950CB19E429B5A409FD9650B08E873B23FE1082D does not have a subject name that matches the specified Federation
Service name: EC2AMAZ-0FBOMSR.adfs.mydomain.com'.
At line:1 char:1
+ Set-AdfsSslCertificate -Thumbprint 950CB19E429B5A409FD9650B08E873B23F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-AdfsSslCertificate], RemoteException
+ FullyQualifiedErrorId :
RuntimeException,Microsoft.IdentityServer.Management.Commands.SetSslCertificateCommand
The error is about the wrong subject name. Shouldn't that be "CN="? Is it a problem to use a wildcard?
Upvotes: 0
Views: 1997
Reputation: 823
No, you can't use *.contoso.com for host.subdomain.contoso.com. * is for one level (host.contoso.com), not two as you are attempting.
Upvotes: 1
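The one-label wildcard rule behind the PS0316 error, as an added example (not code from the question, the answer, or AD FS itself): a small RFC 6125-style name matcher you can run against a certificate's CN/SAN names and the Federation Service name before calling Set-AdfsSslCertificate. The names come from the question; the functions `wildcard_covers` and `cert_covers` are my own.

```python
# Added example: the one-label wildcard rule that explains the PS0316 error,
# written as a simple RFC 6125 section 6.4.3 style matcher so a cert's names
# can be checked against the Federation Service name up front.
from typing import Iterable


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name pattern covers hostname.

    A '*' is only honoured as the entire leftmost label and matches exactly
    one DNS label, so '*.contoso.com' covers 'host.contoso.com' but not
    'host.subdomain.contoso.com' (and not the bare 'contoso.com').
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the whole leftmost label and leave a real suffix
    # (at least two labels after it), so '*.com' is rejected.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    # Equal label counts mean the '*' stands in for exactly one label.
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_covers(names: Iterable[str], service_name: str) -> bool:
    """True if any subject CN / SAN DNS name in names covers service_name."""
    return any(wildcard_covers(n, service_name) for n in names)


if __name__ == "__main__":
    # Names taken from the question: the wildcard is one label short of the
    # Federation Service name, which is exactly what PS0316 complains about.
    cert_names = ["*.mydomain.com"]
    for fqdn in ("EC2AMAZ-0FBOMSR.adfs.mydomain.com", "sts.mydomain.com"):
        status = "covered" if cert_covers(cert_names, fqdn) else "NOT covered"
        print(f"{fqdn}: {status}")
```

A Federation Service name of the form sts.mydomain.com would be covered by this wildcard; a name with an extra label in between needs its own certificate or a SAN entry for that exact FQDN.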