Windows Admin Center (WAC) is a flexible, locally deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management, and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…
In this article, we will show you how to change the certificate, identified by its thumbprint, that Windows Admin Center uses.
Introduction
You have deployed the first Technical Preview of Windows Admin Center (formerly known as Microsoft Project Honolulu) in your environment, and you started exploring the new way of managing your servers in your Datacenter.
If you have not yet heard about Microsoft Project Honolulu, please check my previous article on how to get started.
Like me, you probably installed and configured the Server Management Gateway service to use a self-signed SSL certificate (which will expire in 60 days) instead of using a certificate installed on the gateway server.
You decided to install a new certificate and use it with Windows Admin Center instead of reinstalling the gateway service.
In this short post, we will show you how to change and replace the current certificate on the gateway service.
Change the Windows Admin Center certificate
As of this writing, changing the certificate in Windows Admin Center is not user-friendly and requires a couple of steps.
For now, you need to follow the steps below if you want to change the certificate:
1) Make sure you have installed the new certificate under the Local Computer \ Personal \ Certificates store.
2) You need to stop the Server Management Gateway service by running the following command:
Get-Service *Gateway | Stop-Service
3) Open the command prompt window as Administrator and run the following commands in sequence:
netsh http delete sslcert ipport=0.0.0.0:{port}
netsh http delete urlacl url=https://+:{port}/
netsh http add sslcert ipport=0.0.0.0:{port} certhash={certificate thumbprint} appid={any guid goes here}
netsh http add urlacl url=https://+:{port}/ user="NT Authority\Network Service"
4) Finally, you need to restart the Server Management Gateway service by running the following command. The gateway will then start using the new certificate.
Get-Service *Gateway | Start-Service
The commands that I ran in Step 3 will do the following:
- Delete the existing SSL certificate by specifying the port that you used during the deployment.
- Delete the existing URL ACL, also by specifying the port that you used during the deployment.
- Add a new SSL certificate binding with the new certificate thumbprint and an AppId. Please check my previous article on how to get the certificate thumbprint. The AppId can be any GUID; its only purpose is to identify the sslcert binding. For more information about the add sslcert command, please check the following article. You can also use the following online GUID generator to generate an AppId.
- The last command will add back the URL ACL using “NT Authority\Network Service”.
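The four steps above combined into one PowerShell script that first checks the new certificate is actually usable for TLS before the old binding is removed. This is an added example, not the author's or Microsoft's script; the parameter names, the default port 443 and the randomly generated AppId are assumptions, while the service wildcard and the netsh commands are the ones from the steps.

```powershell
#Requires -RunAsAdministrator
# Added example: parameter names and the default port are assumptions.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # thumbprint of the new certificate
    [int] $Port = 443                             # assumption: use the port chosen at deployment
)
$ErrorActionPreference = 'Stop'

# Thumbprints pasted from the certificate dialog often carry spaces or an
# invisible leading character; keep hex digits only.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Step 1: the certificate must be in Local Computer \ Personal and usable as a server certificate.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert)               { throw "No certificate $Thumbprint in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is not within its validity period' }
# An empty EKU list means "all purposes"; otherwise Server Authentication must be present.
$eku = $cert.EnhancedKeyUsageList.ObjectId
if ($eku -and $eku -notcontains '1.3.6.1.5.5.7.3.1') { throw 'Certificate EKU does not allow Server Authentication' }

$ipPort = "0.0.0.0:$Port"
$url    = "https://+:$Port/"
$appId  = [guid]::NewGuid().ToString()   # any GUID works; it only labels the binding

# Step 2: stop the gateway service.
$gateway = Get-Service *Gateway
if (-not $gateway) { throw 'No service matching *Gateway was found' }
$gateway | Stop-Service
try {
    # Step 3: the deletes may report an error when nothing is bound yet; that is not fatal.
    netsh http delete sslcert ipport=$ipPort | Out-Null
    netsh http delete urlacl url=$url | Out-Null
    netsh http add sslcert ipport=$ipPort certhash=$Thumbprint "appid={$appId}"
    if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }
    netsh http add urlacl url=$url user="NT Authority\Network Service"
    if ($LASTEXITCODE -ne 0) { throw "netsh http add urlacl failed with exit code $LASTEXITCODE" }
}
finally {
    # Step 4: always bring the service back, even if a netsh call failed.
    $gateway | Start-Service
}

# Show the resulting binding so the certificate hash can be compared with $Thumbprint.
netsh http show sslcert ipport=$ipPort
```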
I hope the Server Management team at Microsoft will automate and make this process a little easier in the future.
Many Thanks to Dylan Hirshkowitz from the Server Management team for his support.
Hope this helps someone out there!
Cheers,
-Ch@rbel
Works like a charm, thanks!
Thank You, Jens!