Sunday, August 14, 2022

Change an SSL Certificate on Windows Server 2012 R2 Web Application Proxy

You set up ADFS 3.0 with a Web Application Proxy and now need to change the SSL certificate for a published web application.

But because installing IIS is not required, it is not possible to do this via the IIS management console. You also found no options in the Remote Access Management console. So how can you change the certificate?

The solution is to use PowerShell.

1.) First, import the certificate (with public key) via MMC.

2.) Once done, you need the thumbprint. You can get it via MMC or, more easily, via:

dir Cert:\LocalMachine\My | fl

or better

dir Cert:\LocalMachine\My | select Subject,NotBefore,Thumbprint

3.) Once you have the certificate thumbprint, fetch the ID of the web application you wish to change:

Get-WebApplicationProxyApplication | fl

4.) After that, use the ID and the certificate thumbprint to change the configured SSL certificate:

Get-WebApplicationProxyApplication -ID 4413ab09-388d-09f9-848b-ee45db528f95 | Set-WebApplicationProxyApplication -ExternalCertificateThumbprint D04760EA713A37B49FE03D03ED4339B5962D0337

5.) Now validate the change via:

Get-WebApplicationProxyApplication | fl

or

netsh http show ssl

You can also use external services like https://www.sslshopper.com/ssl-checker.html or https://www.ssllabs.com/ssltest/analyze.html
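Steps 2 to 5 combined into one script, as an added example that is not part of the original post. It also checks that the certificate has a private key, is within its validity period, and names the published host before switching the binding. The parameter names `$Thumbprint` and `$AppId` are assumptions, and the script is assumed to run elevated on the Web Application Proxy server.

```powershell
# Added example. Parameter names are assumptions, not from the original post.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint,  # thumbprint of the new certificate
    [Parameter(Mandatory = $true)][string]$AppId        # ID shown by Get-WebApplicationProxyApplication
)

# Thumbprints copied from the MMC dialog often carry spaces or an invisible
# leading character, so keep hex digits only.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Steps 1-2: the certificate must already be in the machine store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# Added checks: a TLS binding needs the private key and a currently valid certificate.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key in LocalMachine\My."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)."
}

# Step 3: look up the published application and remember the old binding for rollback.
$app = Get-WebApplicationProxyApplication -ID $AppId -ErrorAction Stop
if (-not $app) { throw "No published application with ID $AppId." }
$oldThumbprint = $app.ExternalCertificateThumbprint

# Sanity check only: -like is looser than real TLS wildcard matching.
$hostName = ([uri]$app.ExternalUrl).Host
$covered = $cert.DnsNameList | Where-Object { $hostName -like $_.Unicode }
if (-not $covered) {
    Write-Warning "$hostName is not among the certificate's DNS names."
}

# Step 4: switch the external certificate.
Set-WebApplicationProxyApplication -ID $app.ID -ExternalCertificateThumbprint $Thumbprint

# Step 5: read the setting back and confirm it changed.
$after = Get-WebApplicationProxyApplication -ID $app.ID
if ($after.ExternalCertificateThumbprint -ne $Thumbprint) {
    throw "Binding still shows $($after.ExternalCertificateThumbprint)."
}
"Changed '$($after.Name)' from $oldThumbprint to $Thumbprint"
```

The old thumbprint printed on the last line is the value to pass back in if the change has to be reverted.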

 
