How To Change The Thumbprint of a Certificate in Microsoft Project #Honolulu @servermgmt #ServerMgmt

2 min read


You have deployed the first Technical Preview of Microsoft Project Honolulu in your environment, and you started exploring the new way of managing your servers in your Datacenter.

If you did not hear yet about Microsoft Project Honolulu, please check my previous article on how to get started.

You are probably like me, you installed and configured the Server Management Gateway service to use a Self-Signed SSL certificate (which will expire in 60 days) instead of using a certificate installed on the gateway server.

How To Change The Thumbprint of a Certificate in Microsoft Project #Honolulu @servermgmt #ServerMgmt 1

You decided to install a new certificate and use it with Microsoft Project ‘Honolulu’ instead of reinstalling the gateway service.

In this short post, I will show you how to change and replace the current certificate on the gateway service.

Changing The Certificate

As of this writing, changing the certificate in Microsoft Project ‘Honolulu’ is not user-friendly and requires several steps.

For now, you need to follow the steps below if you want to change the certificate:

  1. Make sure you have installed the new certificate under Local Computer \ Personal \ Certificates store.
  2. You need to stop the Server Management Gateway service by running the following command:
    Get-Service *Gateway | Stop-Service
  3. Open the command prompt window as Administrator and run the following commands in sequence:
    netsh http delete sslcert ipport={port} 
    netsh http delete urlacl url=https://+:{port}/
    netsh http add sslcert ipport={port} certhash={certificate thumbprint} appid={any guid goes here}
    netsh http add urlacl url=https://+:{port}/ user=”NT Authority\Network Service”
  4. Finally, you need to restart the Server Management Gateway service by running the following command and start using the new certificate.
    Get-Service *Gateway | Start-Service

How To Change The Thumbprint of a Certificate in Microsoft Project #Honolulu @servermgmt #ServerMgmt 2

The commands that I ran in Step 3 will do the following:

  • Delete the existing SSL certificate by specifying the port that you used during the deployment.
  • Delete the exiting URL ACL by specifying also the port that you used during the deployment.
  • Add a new certificate thumbprint including the Appid – Please check my previous article on how to get the certificate thumbprint. The AppId can be any GUID – its only purpose is to identify the sslert binding – For more information about add sslcert command, please check the following article. You can also use the following online GUID generator to generate an Appid.
  • The last command, will add back the URL ACL using “NT Authority\Network Service”.

I hope the Server Management team at Microsoft will automate and make this process a little easier in the future.

Many Thanks to Dylan Hirshkowitz from the Server Management team for his support.

Hope this helps someone out there!

[email protected]

About Charbel Nemnom 579 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.