1
votes

I can add an encryption certificate to an ADFS Relying Party Trust with the following PowerShell command:

Set-ADFSRelyingPartyTrust -TargetName "My RP" -EncryptionCertificate $myCert

I can change the certificate using that same command with a different variable for the EncryptionCertificate parameter, but how can I remove the certificate? Not passing a variable, passing null or the empty string '' results in an exception:

Missing an argument for parameter 'EncryptionCertificate'. 
Specify a parameter of type 'System.Security.Cryptography.X509Certificates.X509Certificate2' 
and try again.

How can I "clear" the certificate that is in place?

2
@AnsgarWiechers Thanks, but neither does what I'm looking for. Remove-ADFSCertificate is used to completely remove a certificate from ADFS, and if I'm reading it right, is only valid for Token-Signing, Token-Decrypting, and Service-Communications certificates. (But I'll run it with the -WhatIf param and see what I get.) I need to keep the certificate in place on another RP. Remove-ADFSRelyingPartyTrust will remove the RP. I could then re-add it without the certificate, but I'd prefer not to entirely drop and recreate it if possible.
Rick Liddle

@AnsgarWiechers I confirmed that, in spite of what the TechNet article says, Remove-ADFSCertificate does not apply to Token-Encrypting certificates for Relying Parties. Instead, it applies to Token-Decrypting certificates for federated partners.
Rick Liddle

2 Answers

5
votes

You almost had it. In order to remove the encryption certificate from an existing relying party, you have to use the $null variable:

Set-ADFSRelyingPartyTrust -TargetName "My RP" -EncryptionCertificate $null
0
votes

Using that PowerShell statement doesn't remove it from the Encryption tab in the ADFS GUI. So while it may have the desired effect, it's not clear from the GUI whether or not it's actually being used.

Set-ADFSRelyingPartyTrust -TargetName "My RP" -EncryptionCertificate $null
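Since the GUI may keep showing a certificate after it has been cleared, the reliable check is to read the trust object back from the ADFS configuration. The following is an added example (not code from either answer) that clears the certificate and then verifies the stored EncryptionCertificate property; it assumes the ADFS PowerShell module is installed on the federation server and that the relying party is named "My RP" as in the question. Note that once the property is null, ADFS has no key to encrypt tokens for this RP, so tokens issued to it are sent unencrypted; confirm that is the intended outcome before running this in production.

```powershell
# Added example: clear an RP encryption certificate and verify the change
# against the ADFS configuration rather than the management console.
Import-Module ADFS

$rpName = "My RP"   # relying party display name from the question

# Record what is configured now so the change is auditable.
$before = (Get-AdfsRelyingPartyTrust -Name $rpName).EncryptionCertificate
if ($before) {
    Write-Host "Before: encryption certificate thumbprint $($before.Thumbprint)"
} else {
    Write-Host "Before: no encryption certificate configured"
}

# $null is the only value the parameter accepts for clearing the certificate;
# '' or omitting the argument raises the "Missing an argument" error.
Set-AdfsRelyingPartyTrust -TargetName $rpName -EncryptionCertificate $null

# Read the trust back; the stored object, not the GUI, is the source of truth.
$after = (Get-AdfsRelyingPartyTrust -Name $rpName).EncryptionCertificate
if ($null -eq $after) {
    Write-Host "After: encryption certificate cleared for '$rpName'; tokens for this RP will not be encrypted."
} else {
    Write-Warning "After: encryption certificate still present ($($after.Thumbprint)); the change did not take effect."
}
```

Running the same Get-AdfsRelyingPartyTrust check before and after a change is also a quick way to reconcile what the console displays with what the service will actually use.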