none
Certificate installation in Sharepoint server (IIS 8) RRS feed

  • Question

  • Hi!

    Our Digicert certificates are going to get expired on june 17. We have planned to use a single wild card certificate to all the existed certificates. We have 3 certificates currently in our environment. 1 is for all the web applications in prod an test environments. other one is for apps in test and last one for app in production. So all the 3 will be replaced with one using SAN. 

     Infact there were lot of issues, somehow we managed to install the certificate.We can see them in IIS server certificates. All the bindings were done. But at last we are not able to use this to our sites. When I see them our sites are still using old certifciate.

    Can someone help me with this?

    Regards,


    Susmitha


    Monday, June 1, 2020 10:49 AM

All replies

  • Make sure you place the certification in certificate store for all SharePoint Web Server's. first get the .pfx certificate and follow below steps to import:

    Import Self Signed Certificate to SharePoint Certificate store

    Open Manage Compute Certificate (MMC) on your Windows Server and go to SharePoint node and then right click All tasks >> import …

    Click Next and then specify the location of exported certificate in previous step and then Click Next,

    Make sure Certificate store is SharePoint and Click Next and then finish (Exported).

    Thanks & Regards,


    sharath aluri

    Monday, June 1, 2020 3:40 PM
  • Hi Susmitha,

    Here is the document provided by digicert:

    Microsoft SharePoint 2013: SSL Certificate Installation Instructions.

    Please make sure you have used the corresponding method to install the SSL Certificate and finished the process properly. Remove the old certificates if necessary.

    Here is another tutorial for your reference:

    Renewing SharePoint Certificates on premise.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Tuesday, June 2, 2020 6:07 AM
  • Hi!

    I have done all the steps you have had mentioned. But it still shows me that our sites are using old certificate. I will try exporting the old one and remove them  from the server. So, can it get done using export option or is it needed to take backup in more complicated way? 

    Also could you let me know whether this whole process need to be done in all the servers? we have 1 app server and 1 front end server for test.

    Regards,



    Susmitha


    Tuesday, June 2, 2020 12:40 PM
  • Using IIS 8 to Assign the Certificate to the SharePoint Website. In Internet Information Services (IIS) Manager, under Connections, expand your server's name, expand Sites, and then select the SharePoint site. In the Actions menu, under Edit Site, click Bindings. In the Site Binding window, click Add.
    Tuesday, June 2, 2020 1:56 PM
  • Hi Susmitha,

    If you are using a wild card certificate, then you only need to di it once. Just make sure you use Microsoft IIS 8 to install your SSL Certificate to the same server where you generated the CSR, and then bind it the SharePoint site.

    Normally, the export option will do to backup an old certificate, but you can export the certificate with a PFX file just in case.

    Please see the tutorial below:

    Export & import SSL certificates between Windows servers with a PFX file.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, June 3, 2020 2:05 AM
  • Hi!

    CSR was generated by client itself from his machine using IIS8. Once the certificate package was given to us we managed to merge private key with crt file. installation was successfull. We can see the installed one in the list of certificates. But as I told earlier our sites are still using old certificates. 

    So, might it be the reason for this issue? That CSR was generated in other machine?

    I haven't deleted the old certs as while exporting it I was unable to export private it (option got greyed out). So, if would need to revert it, it will gives us an error (private key). 

    Any suggestion please?

    Regards,

    Susmitha 


    Wednesday, June 10, 2020 6:43 AM
  • Hi Susmitha,

    It is possible to be the issue according to the installation document.

    The private key is binding with certificate, and if you have new certificate configured already, old key will not be in use anymore. Maybe that is why the option got greyed out (sorry I cannot test myself).

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, June 11, 2020 8:47 AM
  • Hi !

    Earlier issue was sorted out. As we need to install the new certificate at Load balancer.  Since the installation is done we have been facing issue with officewebapps. Attached is the error message. We havent installed any certificate in office webappserver.

    Can some one suggest?

    Regards,



    Susmithakatreddy

    Monday, June 15, 2020 3:28 PM
  • Hi Susmithakatreddy,

    If you are currently using a wildcard certificate, you can refer to the links below for related information.

    How to Use a Wildcard Certificate With Office Web Apps 2013.

    Configure OWA with wildcard certificate - The server did not respond.

    https://social.technet.microsoft.com/Forums/lync/en-US/247f9b32-e974-4201-bcf4-1eedb8cf8039/configure-owa-with-wildcard-certificate-the-server-did-not-respond?forum=sharepointadmin

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, June 17, 2020 7:16 AM
  • DISABLE HTTP/2 IN IIS ON WINDOWS SERVER 2016

    If you decide to disable HTTP/2 in IIS on Windows Server 2016 and only use HTTP/1.1, you can do so by adding two DWORD registry keys. You can copy the text in the box below into an empty Notepad file and save it as a .reg file. Then double-click the file to import the registry keys and reboot.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
    “EnableHttp2Tls”=dword:00000000
    “EnableHttp2Cleartext”=dword:00000000

    If you decide to enable HTTP/2 at a later time, you can either delete the two registry keys.

    https://www.tecklyfe.com/how-to-fix-ns_error_net_inadequate_security-and-err_spdy_inadequate_transport_security-in-iis-on-windows-server-2016/

    Thanks & Regards,


    sharath aluri

    Wednesday, June 17, 2020 6:18 PM
  • Hi!

    The issue has been resolved by adding officewebapps.domain.org.com in hostnames list and reinstalling the new one. But we are using the same certificate for apps as well. Our provider hosted app is currently having an issue. We suspect it is due to registration done during creation of the app. 

    We had separate cert for our apps, which was expired on yesterday, how to replace the existing new certificate for our app?

    Regards,

    Susmitha.




    Thursday, June 18, 2020 12:28 PM
  • Hi Susmitha,

    Please see the references below:

    Renewing the expired Office Online/Web Apps Server farm certificate

    How to change the Office Web Apps / Office Online Server Certificate.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, June 19, 2020 1:18 AM
  • Hi!

    My concern is not about office webapps. I would like to know how to replace the existing new certificate for our app(Provider hosted app)?

    Regards,


    Susmitha


    Monday, June 22, 2020 5:46 AM
  • Hi Susmitha,

    According to this article, high trust certificate would be same as wildcard cert used for the SharePoint web applications if high trust Add-ins and SharePoint shares same domain. You can refer to the article for a detailed installation guide.

    Some more references:

    Create high-trust SharePoint Add-ins.

    https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/create-high-trust-sharepoint-add-ins#complete-debugging-with-a-domain-issued-or-commercial-certificate

    Renew Certificate in Provider Hosted Apps Scenario.

    Disclaimer: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    Best regards,

    Chelsea Wu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Monday, June 22, 2020 6:12 AM