Time to renew PKI cert but not sure if it is being used

3 replies

Last post Sep 20, 2017 07:38 AM by Yuk Ding

  • Time to renew PKI cert but not sure if it is being used

    Sep 08, 2017 08:45 PM|ChillyMoonbutt

    So it's time for me to renew a PKI cert here in about 30 days or so. The cert is on my SharePoint Central admin server.

    What I need to know is how to check if SharePoint is using it?

    Here is what I have done so far:

    1. Check all the IIS bindings to make sure the thumbprints on the bindings do not match the thumbprint on the old cert.

            - I did not find a match. So it's not being used by IIS bindings.

    2. Checked Get-SPTrustedRootAuthority on the server and compared the PKI certificate thumbprint with the old cert.

            - I did not find a match there either.

    That's all I know how to check. So any other places to check will greatly help.

    I'm just afraid that if I let the cert expire, something will break on my SharePoint farm.

  • Re: Time to renew PKI cert but not sure if it is being used

    Sep 11, 2017 06:49 AM|Yuk Ding

    Hi Chilly,

    The most effective way to check whether the cert has been renewed is to use the command line to check the port number. For example, if we need to check whether the port is using the renewed certificate, you could run this command line:

    netsh http show sslcert

    If the certificate hash matches the thumbprint, then it should prove that the certificate is using the newest certificate.

    Best Regards,

    Yuk Ding

    MSDN Community Support
    Please remember to "Mark as Answer" the responses that resolved your issue.
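
The comparison described in the reply above, as an added PowerShell example that is not part of the original thread: it parses `netsh http show sslcert` output and reports which HTTP.sys endpoints are bound to a given thumbprint, so it covers only those bindings. The function names are hypothetical, the sample output and thumbprint are constructed, and the parser assumes the English-language netsh labels.

```powershell
# Constructed sample of `netsh http show sslcert` output (not from a real host).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 0123456789abcdef0123456789abcdef01234567
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY

    Hostname:port                : intranet.example.test:8443
    Certificate Hash             : 89abcdef0123456789abcdef0123456789abcdef
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
'@ -split "`r?`n"

function ConvertTo-NormalizedThumbprint {
    param([string]$Thumbprint)
    # Keep hex digits only: drops spaces and the invisible U+200E mark that can
    # come along when a thumbprint is copied from the certificate dialog.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Find-SslCertBinding {
    param(
        [string[]]$NetshOutput,      # not Mandatory: the output has blank lines
        [Parameter(Mandatory)][string]$Thumbprint
    )
    $want = ConvertTo-NormalizedThumbprint $Thumbprint
    $endpoint = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(?:IP|Hostname):port\s*:\s*(\S+)') {
            $endpoint = $Matches[1]          # start of a new binding block
        }
        elseif ($line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            if ((ConvertTo-NormalizedThumbprint $Matches[1]) -eq $want) {
                [pscustomobject]@{ Endpoint = $endpoint; Hash = $Matches[1] }
            }
        }
    }
}

# Thumbprint pasted with a leading U+200E and spaces (constructed value).
$old = "$([char]0x200E)01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67"
Find-SslCertBinding -NetshOutput $sample -Thumbprint $old
# On a server, pass the live output instead: -NetshOutput (netsh http show sslcert)
```

An empty result means no HTTP.sys binding on that server references the thumbprint; it says nothing about uses of the certificate outside those bindings.
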
  • Re: Time to renew PKI cert but not sure if it is being used

    Sep 11, 2017 03:06 PM|ChillyMoonbutt

    YD,

    That is a nice tool, netsh. I will keep that in mind for when I need to check if a cert has been updated yet or not. Thanks.

    In my situation, or the question I was asking, I know the PKI cert is not renewed.

    What I really need to know is, in a SharePoint farm scenario:

      -  Is the PKI cert being used?

      -  Where to look to see if the PKI cert is being used?

    This way I can find out if the PKI cert is being used or not, to determine if I should renew it.

    Thank you very much for any help in advance.

    See I have a few PKI certs. 

  • Re: Time to renew PKI cert but not sure if it is being used

    Sep 20, 2017 07:38 AM|Yuk Ding

    Hi chillymoonbutt,

    You could consult the SharePoint forum about the SharePoint certificate issue. Maybe you could explain how you deployed the PKI certificate with IIS. Then I could tell you how to check the renewed certificate.

    This link provides the steps to renew a PKI certificate in IIS:

    https://grok.lsu.edu/article.aspx?articleid=18039

    Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. 

    Microsoft does not control these sites and has not tested any software or information found on these sites;

    Therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.

    There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Best Regards,

    Yuk Ding
