Return
-
Title
How to renew and update the SPS SSL Web certificate? -
Description
The SPS SSL Certificate is about to expire and need the steps to renew the SSL certificate. -
Resolution
1. Create a Certificate Signing Request:
- Using a Windows machine:
- Right Click the start menu and select Run and type mmc
- In the management console, click File and add a Snap-in and add the Certificates snap in.
- Select 'Computer account' > 'Local Computer' then click finish followed with OK.
- Expand 'Certificates' then right click on 'Personal'. Select 'All Tasks' > 'Advanced Operations' > 'Create Custom Request'.
- In the next window, click 'Next' > 'Select Proceed without enrollment policy' > Click 'Next' after making sure '(No template) CNG key' and PKCS#10 is selected.
- In 'Certificate Information', expand the 'Details' > Select 'Properties'.
- Enter the desired 'Friendly name' in 'General' tab.
- Add the necessary information in 'Subject' to match the old certificate details.
2. Take the Certificate Signing Request (CSR) created above to your Certificate Authority Admin to have a new Certificate issued using this CSR.
3. You will need to import the new certificate into the Windows machine where you created the CSR (Import it into the Personal certificate store) then you can export it as .PFX format (Which includes the private key that is secured with a password)
4. You will need to convert the .PFX format to two files (.PEM and .KEY) using OpenSSL to upload the new certificate in SPS.
-Convert the certificate from PFX to PEM format using the OpenSSL command:openssl pkcs12 -in c:\New_SPS_Certificate.pfx -clcerts -nokeys -out New_SPS_Certificate.pem
-Exporting the private key form a PFX to a PEM:openssl pkcs12 -in c:\New_SPS_Certificate.pfx -nocerts -out New_SPS_Certificate.key
5. In SPS, go to Basic Settings > Management > SSL certificates:
- Edit the "Server X.509 certificate" and upload the New_SPS_Certificate.pem
- Edit the "Server private key" and upload the New_SPS_Certificate.key
- Click the Commit button
Note: to get openssl in Windows, either download openssl for windows or if you install the feature for Windows Subsystem for Linux then can mount to the c drive using cd /mnt/c and then use the OpenSSL commands above.