How To Change The Thumbprint of a Certificate in Windows Admin Center @servermgmt #ServerMgmt

2 Min. Read

In this article, I will show you how to change the thumbprint of a certificate in Windows Admin Center.

Introduction

You have deployed the first Technical Preview of Windows Admin Center (formerly known as Microsoft Project Honolulu) in your environment, and you started exploring the new way of managing your servers in your Datacenter.

If you did not hear yet about Microsoft Project Honolulu, please check my previous article on how to get started.

You are probably like me, you installed and configured the Server Management Gateway service to use a Self-Signed SSL certificate (which will expire in 60 days) instead of using a certificate installed on the gateway server.

How To Change The Thumbprint of a Certificate in Windows Admin Center @servermgmt #ServerMgmt 2

You decided to install a new certificate and use it with Microsoft Project ‘Honolulu’ instead of reinstalling the gateway service.

In this short post, I will show you how to change and replace the current certificate on the gateway service.

Changing The Certificate

As of this writing, changing the certificate in Microsoft Project ‘Honolulu’ is not user-friendly and requires several steps.

For now, you need to follow the steps below if you want to change the certificate:

  1. Make sure you have installed the new certificate under Local Computer \ Personal \ Certificates store.
  2. You need to stop the Server Management Gateway service by running the following command:
    Get-Service *Gateway | Stop-Service
  3. Open the command prompt window as Administrator and run the following commands in sequence:
    netsh http delete sslcert ipport=0.0.0.0:{port} 
    netsh http delete urlacl url=https://+:{port}/
    netsh http add sslcert ipport=0.0.0.0:{port} certhash={certificate thumbprint} appid={any guid goes here}
    netsh http add urlacl url=https://+:{port}/ user=”NT Authority\Network Service”
    
  4. Finally, you need to restart the Server Management Gateway service by running the following command and start using the new certificate.
    Get-Service *Gateway | Start-Service

How To Change The Thumbprint of a Certificate in Windows Admin Center @servermgmt #ServerMgmt 3

The commands that I ran in Step 3 will do the following:

  • Delete the existing SSL certificate by specifying the port that you used during the deployment.
  • Delete the exiting URL ACL by specifying also the port that you used during the deployment.
  • Add a new certificate thumbprint including the Appid – Please check my previous article on how to get the certificate thumbprint. The AppId can be any GUID – its only purpose is to identify the sslert binding – For more information about add sslcert command, please check the following article. You can also use the following online GUID generator to generate an Appid.
  • The last command, will add back the URL ACL using “NT Authority\Network Service”.

I hope the Server Management team at Microsoft will automate and make this process a little easier in the future.

Many Thanks to Dylan Hirshkowitz from the Server Management team for his support.

Hope this helps someone out there!

Cheers,
-Ch@rbel

Previous

Getting Started with Microsoft Project Honolulu #SeverMgmt #WS #S2D #HyperV #HCI @servermgmt

What’s New in Hyper-V in Windows Server Version 1709? #HyperV #WindowsServer #Windows10

Next

Let me know what you think, or ask a question...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Stay in Touch

Never miss out on your favorite posts and our latest announcements!

The content of this website is copyrighted from being plagiarized!

You can copy from the 'Code Blocks' in 'Black' by selecting the Code.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!