How To Change The Thumbprint of a Certificate in Microsoft Project #Honolulu @servermgmt #ServerMgmt


You have deployed the first Technical Preview of Microsoft Project Honolulu in your environment, and you started exploring the new way of managing your servers in your Datacenter.

If you did not hear yet about Microsoft Project Honolulu, please check my previous article on how to get started.

You are probably like me, you installed and configured the Server Management Gateway service to use a Self-Signed SSL certificate (which will expire in 60 days) instead of using a certificate installed on the gateway server.

You decided to install a new certificate and use it with Microsoft Project ‘Honolulu’ instead of reinstalling the gateway service.

In this short post, I will show you how to change and replace the current certificate on the gateway service.

Changing The Certificate

As of this writing, changing the certificate in Microsoft Project ‘Honolulu’ is not user-friendly and requires several steps.

For now, you need to follow the steps below if you want to change the certificate:

  1. Make sure you have installed the new certificate under Local Computer \ Personal \ Certificates store.
  2. You need to stop the Server Management Gateway service by running the following command:
  3. Open the command prompt window as Administrator and run the following commands in sequence:
  4. Finally, you need to restart the Server Management Gateway service by running the following command and start using the new certificate.

The commands that I ran in Step 3 will do the following:

  • Delete the existing SSL certificate by specifying the port that you used during the deployment.
  • Delete the exiting URL ACL by specifying also the port that you used during the deployment.
  • Add a new certificate thumbprint including the Appid – Please check my previous article on how to get the certificate thumbprint. The AppId can be any GUID – its only purpose is to identify the sslert binding – For more information about add sslcert command, please check the following article. You can also use the following online GUID generator to generate an Appid.
  • The last command, will add back the URL ACL using “NT Authority\Network Service”.

I hope the Server Management team at Microsoft will automate and make this process a little easier in the future.

Many Thanks to Dylan Hirshkowitz from the Server Management team for his support.

Hope this helps someone out there!

[email protected]

About Charbel Nemnom 405 Articles
Charbel Nemnom is a Cloud Solutions Architect and Microsoft Most Valuable Professional (MVP), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize performance of mission-critical enterprise systems. Excellent communicator adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design and virtualization.