Renew high trust certificate

Following article describes steps needed to register new self signed certificate used for the communication between KanBo and SharePoint (High trust certificate). Please follow these instructions in case your old self-signed certificate expired.


Step 1

 As a first step, you will need to remove old certificate form the SharePoint using SharePoint Management Shell.


Step 2

In order to remove old certificate, launch SharePoint Management Shell. Please replace the parts in {} with your data and respect order of performing the commands.

1. Get-SPTrustedRootAuthority
2. Remove-SPTrustedRootAuthority -Identity {id of the KanBo high certificate form step nr 1}
3. Get-SPTrustedSecurityTokenIssuer
4. Remove-SPTrustedSecurityTokenIssuer -Identity {id of the KanBo high certificate form step nr 3}


You can check it result in the Central Administration -> Security -> Manage High Trust


Step 3

Generate a new self-signed certificate.

Go to the IIS Server Manager, click on your server and choose Server Certificates. From the menu on the right side choose “Create self-singed certificate”, pick a name for your certificate and follow the next steps to create it. After the certificate has been created save it to a file by following these steps:

  1. Select -> Click on “Export” -> Follow the steps to save it as a .pfx file in a choosen location (we will use the location later when configuring the app)
  2. Select -> Click on “View” -> Details -> Copy to file -> Save it as a .cer file in the same location as the .pfx file
  3. Install certificate to LocalMachine store (DoubleClick it) . Ensure certificate exist under Personal tree using Manage computer certificates (certlm).


Step 4 

Now you can register the certificate in SharePoint. Replace the parts in {} with your data.


$publicCertPath = "{the path to your self-signed certificate .cer file ex. c:\certs\cert.cer}"
$issuerID = "{Issuer ID from web.config}"
$authorityName = "{Your chosen authority name ex. KanBoServerAppsCerts}"
$certificate = Get-PfxCertificate $publicCertPath
New-SPTrustedRootAuthority -Name $authorityName -Certificate $certificate
$realm = Get-SPAuthenticationRealm
$fullIssuerIdentifier = $issuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name $authorityName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
Iisreset


In case your organization is using a local certificate which is configured in the appSettings 
instead of using the signer-attribute in the authentication-section, please perform the following change in the web.config file:


<signer type="X509SignerFromFile" file="{C:\certs\yourcertname.pfx}" key="{CertificatePassword}" /> 





You KanBo shoud start working good now.





This article was helpful for 1 person. Is this article helpful for you?