
Thursday, March 27, 2014

Change Certificate for Trusted Identity Provider


We often need to update the X.509 certificate for a Trusted Identity Provider, either because the certificate has expired or because we were using a self-signed certificate and now want to replace it with one issued by a commercial CA.

Use these PowerShell commands to update the certificate for an existing Trusted Identity Provider.

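# Load the new certificate (public key only) from disk
$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\MyCerts\CA_Issued_Cert.cer")
# Add the new certificate to the SharePoint trusted root authorities
New-SPTrustedRootAuthority -Name "New CA Issued Cert" -Certificate $newCert

# Point the existing token issuer at the new certificate
Set-SPTrustedIdentityTokenIssuer -Identity "My Id Provider" -ImportTrustCertificate $newCert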

If you want to remove the old or expired certificate from the SharePoint trusted root authorities, use this command to delete it.

Remove-SPTrustedRootAuthority -Identity "My Old Cert"
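
The same rotation with checks around it, as an added example that is not part of the original post: it rejects a certificate outside its validity window, records the thumbprint being replaced, confirms the issuer picked up the new certificate, and lists expired trusted root entries as removal candidates. The path and names are the ones used above; run it in the SharePoint Management Shell.

```powershell
# Added example: values below are taken from the post; adjust them for your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = "C:\MyCerts\CA_Issued_Cert.cer"
$issuerName = "My Id Provider"
$rootName   = "New CA Issued Cert"

$newCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$now     = Get-Date

# 1. Refuse a certificate that is not yet valid or already expired.
if ($now -lt $newCert.NotBefore -or $now -gt $newCert.NotAfter) {
    throw "Certificate $($newCert.Thumbprint) is not valid now ($($newCert.NotBefore) to $($newCert.NotAfter))."
}

# 2. Record what the issuer trusts today, for the change log and for rollback.
$oldCert = (Get-SPTrustedIdentityTokenIssuer -Identity $issuerName).SigningCertificate
"Current signing cert: {0}  expires {1}" -f $oldCert.Thumbprint, $oldCert.NotAfter
"New signing cert:     {0}  expires {1}" -f $newCert.Thumbprint, $newCert.NotAfter
if ($oldCert.Thumbprint -eq $newCert.Thumbprint) {
    throw "The token issuer already uses this certificate; nothing to change."
}

# 3. Add the certificate to the trusted root authorities only if it is not there yet.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $newCert.Thumbprint }
if (-not $existing) {
    New-SPTrustedRootAuthority -Name $rootName -Certificate $newCert | Out-Null
}

# 4. Switch the token issuer to the new certificate.
Set-SPTrustedIdentityTokenIssuer -Identity $issuerName -ImportTrustCertificate $newCert

# 5. Verify the change took effect before touching the old trust entry.
$after = (Get-SPTrustedIdentityTokenIssuer -Identity $issuerName).SigningCertificate
if ($after.Thumbprint -ne $newCert.Thumbprint) {
    throw "Token issuer still reports thumbprint $($after.Thumbprint)."
}

# 6. List trusted root entries whose certificate has expired (review, then remove).
Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.NotAfter -lt $now } |
    Select-Object Name,
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } }
```

Review the list from step 6 before running Remove-SPTrustedRootAuthority, since other trusts in the farm may still depend on an entry.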

Hope this helps.

-Javed.
