Created
September 26, 2019 15:46
-
-
Save harshbaid/f048e318c2af3d4ea44488ab166f77ef to your computer and use it in GitHub Desktop.
Steps to update expired Sitecore SSL cert, XConnect site SSL cert, and XConnect Client cert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Steps to update expired Sitecore SSL cert, XConnect site SSL cert, XConnect client cert | |
| - Remove existing expired certs and client certs including root certs | |
| - Download SIF scripts from https://github.com/Sitecore/Sitecore.HabitatHome.Utilities/ | |
| - Use Add-SSLSiteBindingWithCertificate.ps1 to generate SSL cert for Sitecore and XConnect IIS site | |
| - Comment everything else in install-xp0.ps1 except the part that generates client cert for xconnect | |
| - Use install-xp0.ps1 to generate Client cert for XConnect cert authentication | |
| - Ensure root cert, cert and client cert are installed correctly using certlm.msc | |
| - Update IIS Site bindings to use new certs | |
| - Update connectionstrings and appsettings config files in Sitecore and XConnect to use new cert's thumbprint | |
| - From certlm.msc, Assign permission on client cert > right click and manage keys > to IIS AppPool of sitecore and xconnect sites | |
| #> | |
| # PS query to check local certs | |
| Get-ChildItem Cert:\LocalMachine\My | |
| # PS query to check root certs | |
| Get-ChildItem Cert:\LocalMachine\Root | |
| # PS query that shows another way of querying expired certs from local or root | |
| Get-ChildItem -Path cert: -Recurse | where { $_.Thumbprint -like "5315EF83D8E7F3DC94CAF1CF15B3AC98A4FCC007" } | Select $_ | |
| # PS query to remove identified certs from local or root | |
| Get-ChildItem Cert:\LocalMachine\My\#c e r t t h u m p r i n t# | Remove-Item | |
| Get-ChildItem Cert:\LocalMachine\Root\#c e r t t h u m p r i n t# | Remove-Item | |
| # PS query that shows another way of removing identified certs from local or root | |
| Get-ChildItem -Path cert: -Recurse | where { $_.Thumbprint -like "5315EF83D8E7F3DC94CAF1CF15B3AC98A4FCC007" } | Remove-Item | |
| # PS script to generate ssl cert for Sitecore | |
| .\Add-SSLSiteBindingWithCertificate.ps1 -SiteName sitename.local -Port 443 -HostName sitename.local -CertificateName sitename.local | |
| # PS script to generate ssl cert for Sitecore XConnect | |
| .\Add-SSLSiteBindingWithCertificate.ps1 -SiteName sitename_xconnect.local -HostName sitename_xconnect.local -CertificateName sitename_xconnect.local | |
| # PS script to be executed only after commenting out everything else except the part that generates client cert for xconnect | |
| .\install-xp0.ps1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment