Falling foul of SharePoint SSL

Posted within Administration on

Recently, despite ensuring the SSL certificates within Internet Information Services (IIS) were updated ahead of their expiry, I fell foul of the hidden certificate within SharePoint 2013’s Security Token Service. In my defence, this is a certificate not mentioned within IIS or the Central Administration site. It's one of those lovely settings that can only be seen, analysed, and amended via PowerShell commands. Once you know/remember it's there, it's relatively straightforward to update.

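# Replacement certificate (PFX including the private key) and its password.
# Prompt for the password or read it from a secret store rather than saving it in a script file.
$path = "C:\certificate.pfx"
$password = "thepassword"

# 20 = Exportable (4) + PersistKeySet (16) from X509KeyStorageFlags
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path, $password, 20

# Replace the STS signing certificate
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $certificate

# certutil expects a file name, not a certificate object, so export the public certificate first
# ($cerPath is a location chosen for this step)
$cerPath = "C:\certificate.cer"
[System.IO.File]::WriteAllBytes($cerPath, $certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
certutil -addstore -enterprise -f -v root $cerPath

# Restart IIS and the SharePoint Timer Service so the new certificate is picked up
iisreset

net stop SPTimerV4
net start SPTimerV4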

See: Replace the STS certificate for the on-premises environment
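
Because this certificate never shows up in IIS or Central Administration, an expiry check has to query the Security Token Service directly. The script below is an added example, not part of the original post or Microsoft's article; the function name Get-StsCertificateStatus, the 30-day threshold and the optional expected-thumbprint check are assumptions made for illustration.

```powershell
# Added example: report on the SharePoint STS signing certificate.
# Run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-StsCertificateStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$WarnDays = 30,                 # assumed warning threshold
        [string]$ExpectedThumbprint = '',    # optional: thumbprint of the PFX just imported
        [datetime]$Now = (Get-Date)
    )

    $days = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)

    if ($days -lt 0) {
        $state = 'Expired'
    } elseif ($days -le $WarnDays) {
        $state = 'ExpiringSoon'
    } else {
        $state = 'OK'
    }

    # After a replacement, confirm the STS is really using the new certificate
    if ($ExpectedThumbprint -and ($Certificate.Thumbprint -ne $ExpectedThumbprint.ToUpper())) {
        $state = 'ThumbprintMismatch'
    }

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        DaysRemaining = $days
        State         = $state
    }
}

# Read the certificate the STS is currently signing tokens with
$sts = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$status = Get-StsCertificateStatus -Certificate $sts -WarnDays 30
$status | Format-List

if ($status.State -ne 'OK') {
    Write-Warning "STS signing certificate state: $($status.State), expires $($status.NotAfter)"
}
```

Scheduled alongside the existing IIS certificate checks, this surfaces the STS expiry date before it causes an outage.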