Renew high trust certificate

The following article describes the steps needed to register a new self-signed certificate used for the communication between KanBo and SharePoint (high trust certificate). Follow these instructions if your old self-signed certificate has expired.

Step 1

As a first step, you will need to remove the old certificate from SharePoint using SharePoint Management Shell.

Step 2

To remove the old certificate, launch SharePoint Management Shell. Replace the parts in {} with your data and run the commands in the order shown.

Get-SPTrustedRootAuthority
Remove-SPTrustedRootAuthority -Identity {id of the KanBo high trust certificate from command nr 1}
Get-SPTrustedSecurityTokenIssuer
Remove-SPTrustedSecurityTokenIssuer -Identity {id of the KanBo high trust certificate from command nr 3}

You can check the result in Central Administration -> Security -> Manage High Trust.

Step 3

Generate a new self-signed certificate.

Go to the IIS Server Manager, click on your server and choose Server Certificates. From the menu on the right side choose “Create self-signed certificate”, pick a name for your certificate and follow the next steps to create it. After the certificate has been created, save it to a file by following these steps:

  1. Select the certificate -> Click on “Export” -> Follow the steps to save it as a .pfx file in a chosen location (we will use the location later when configuring the app)
  2. Select the certificate -> Click on “View” -> Details -> Copy to file -> Save it as a .cer file in the same location as the .pfx file
  3. Install the certificate to the LocalMachine store (double-click it). Ensure the certificate exists under the Personal tree using Manage computer certificates (certlm).

Step 4 

Now you can register the certificate in SharePoint. Replace the parts in {} with your data.

$publicCertPath = "{the path to your self-signed certificate .cer file ex. c:\certs\cert.cer}"
$issuerID = "{Issuer ID from web.config}"
$authorityName = "{Your chosen authority name ex. KanBoServerAppsCerts}"
$certificate = Get-PfxCertificate $publicCertPath
New-SPTrustedRootAuthority -Name $authorityName -Certificate $certificate
$realm = Get-SPAuthenticationRealm
$fullIssuerIdentifier = $issuerID + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name $authorityName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
iisreset
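
A read-only check for SharePoint Management Shell, added here as an example and not part of the original KanBo instructions: it lists the registered high trust entries with their certificate expiry (to spot the expired one removed in Step 2) and confirms that the entry created in Step 4 carries the new certificate. The path and authority name are assumed sample values taken from the Step 4 placeholders; replace them with your own.

```powershell
# Added example: run in SharePoint Management Shell on a SharePoint server.
# Assumed values: replace with the ones you used in Step 4.
$publicCertPath = "c:\certs\cert.cer"
$authorityName  = "KanBoServerAppsCerts"

$newCert = Get-PfxCertificate $publicCertPath
$now     = Get-Date

# The new certificate must be inside its validity window.
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    Write-Warning "New certificate is not valid now ($($newCert.NotBefore) - $($newCert.NotAfter))"
}

# Step 3 installs the certificate to the LocalMachine store; confirm it is
# under Personal and that the private key came along with it.
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $newCert.Thumbprint } |
    Select-Object -First 1
if (-not $installed) {
    Write-Warning "Certificate $($newCert.Thumbprint) not found in LocalMachine\My"
} elseif (-not $installed.HasPrivateKey) {
    Write-Warning "Certificate in LocalMachine\My has no private key"
}

# List every trusted root authority with its certificate expiry.
# Expired entries are the ones Step 2 removes.
Get-SPTrustedRootAuthority |
    Select-Object Name, Id,
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } },
        @{ n = 'Expired';    e = { $_.Certificate.NotAfter -lt $now } } |
    Format-Table -AutoSize

# Same for token issuers, plus the registered issuer name (issuerId@realm).
Get-SPTrustedSecurityTokenIssuer |
    Select-Object Name, Id, RegisteredIssuerName,
        @{ n = 'Thumbprint'; e = { $_.SigningCertificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.SigningCertificate.NotAfter } } |
    Format-Table -AutoSize

# The entry created in Step 4 must carry the thumbprint of the new .cer file.
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $authorityName }
if (-not $issuer) {
    Write-Warning "No token issuer named '$authorityName' is registered"
} elseif ($issuer.SigningCertificate.Thumbprint -ne $newCert.Thumbprint) {
    Write-Warning "Token issuer '$authorityName' still uses a different certificate"
} else {
    Write-Output "Token issuer '$authorityName' uses certificate $($newCert.Thumbprint)"
}
```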

In case your organization is using a local certificate which is configured in the appSettings instead of using the signer-attribute in the authentication-section, please perform the following change in the web.config file:

<signer type="X509SignerFromFile" file="{C:\certs\yourcertname.pfx}" key="{CertificatePassword}" /> 

Your KanBo should now work correctly.



