IIS 5 & IIS 6
Time to renew PKI cert but not sure if it is being used
Last post Sep 20, 2017 07:38 AM by Yuk Ding
Sep 08, 2017 08:45 PM|ChillyMoonbutt|LINK
So its time for me to renew a PKI cert here in about 30 days or so. The cert is on my SharePoint Central admin server.
What I need to know is how to check if SharePoint is using it?
Here is what I have done so far:
1. Check all the IIS binding to make sure the thumbprints on the bindings does mot match the thumbprint on the old cert.
- I did not find a match. So its not being used by IIS bindings
2. Checked Get-SPtrustedRootAutority on the server and compared the PKI Certificate Thumbprint with the old cert.
- I did not find a match there either.
That's all I know how to check. So any other places to check will greatly help.
I'm just afraid that if I let the cert expire, something will break on my sharepoint farm.
Sep 11, 2017 06:49 AM|Yuk Ding|LINK
The most effective way to ensure whether cert has been get renewed is use command line to check the port number. For example if we need to check whether the port is using renewed certificate. You could run this command line:
netsh http show sslcert
If the certificate hash match the trumbprint, the it should prove that the certificate is using the newest certificate.
Sep 11, 2017 03:06 PM|ChillyMoonbutt|LINK
That is a nice tool, netsh I will keep that in mind for when I need to check if a cert has been updated yet or not. Thanks.
In my situation or the question I was asking, is I know the PKI cert is not renewed.
What I really need to know, is in a SharePoint farm scenario
- Is the PKI cert being used?
- Where to look to see if the PKI is being used?
This way I can find out if the PKI cert is being used or not, to determine If I should renew it.
Thank you very much for any help in advance.
See I have a few PKI certs.
Sep 20, 2017 07:38 AM|Yuk Ding|LINK
The sharepoint certificate issue could be consulted in sharepoint forum. Maybe you could explain how did you deploy the PKI certificate with IIS. Then I could tell you how to check the renewed certificate.
This link provide the steps to renew PKI certificate in IIS:
Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or information found on these sites;
Therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.