Recently we ran into an issue with our production deployment of Windows Admin Center. When attempting to update our custom certificate for the service, we were unable to do so. Using the MS-recommended method of updating the certificate (namely, running the installer and then performing a “Change” installation), we received an error saying “Something went wrong”.

No doubt you all can appreciate the very verbose and clear explanation provided by that error. After a lot of digging around we were able to find a way to do it manually using netsh. For posterity I have provided the method below:

Process

Stop the Windows Admin Center service:

Get-Service ServerManagementGateway* | Stop-Service

Identify the current netsh SSL configuration:

netsh http show sslcert

SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : YourCertThumbPrint
    Application ID               : {YourWACAppID}
    Certificate Store Name       : (null)
    Verify Client Certificate Revocation : Enabled
    Verify Revocation Using Cached Client Certificate Only : Disabled
    Usage Check                  : Enabled
    Revocation Freshness Time    : 0
    URL Retrieval Timeout        : 0
    Ctl Identifier               : (null)
    Ctl Store Name               : (null)
    DS Mapper Usage              : Disabled
    Negotiate Client Certificate : Disabled
    Reject Connections           : Disabled
    Disable HTTP2                : Not Set
    Disable QUIC                 : Not Set
    Disable TLS1.2               : Not Set
    Disable TLS1.3               : Not Set
    Disable OCSP Stapling        : Not Set
    Disable Legacy TLS Versions  : Not Set

Make note of the Application ID and then delete the binding:

netsh http delete sslcert ipport=0.0.0.0:443

Get your new certificate thumbprint with PowerShell:

Get-ChildItem Cert:\LocalMachine\My\

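Bind the new cert to your install via netsh (appid is the Application ID noted earlier, braces included; when typing this in PowerShell, put the appid argument in quotes so the braces are passed through to netsh):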

netsh http add sslcert ipport=0.0.0.0:{port} certhash={YourCertThumbPrint} appid={YourWACAppID}

Restart the WAC services:

Get-Service ServerManagementGateway* | Start-Service

Browse to your instance; you should now see the new SSL cert bound to the WAC install.
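
The same procedure as a single script, added here as an example and not part of the original post: it checks the new certificate before the working binding is deleted, and restores the old binding if the new one does not take. The parameter names, the English netsh output format and the default 0.0.0.0:443 binding are assumptions.

```powershell
# Added example (not from the original post). Assumes English netsh output and
# that the new certificate is already installed in Cert:\LocalMachine\My.
param(
    [Parameter(Mandatory)][string]$NewThumbprint,
    [string]$IpPort = '0.0.0.0:443'
)
$ErrorActionPreference = 'Stop'

# Pre-flight: check the new certificate before the working binding is removed.
$cert = Get-Item "Cert:\LocalMachine\My\$($NewThumbprint -replace '\s')"
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period.'
}
$ekus = $cert.EnhancedKeyUsageList
if ($ekus -and ($ekus.ObjectId -notcontains '1.3.6.1.5.5.7.3.1')) {
    throw 'Certificate lacks the Server Authentication EKU.'
}

# Record the current binding (old hash and Application ID) so it can be restored.
$current = (netsh http show sslcert ipport=$IpPort) -join "`n"
$h = [regex]::Match($current, 'Certificate Hash\s*:\s*([0-9a-fA-F]+)')
$a = [regex]::Match($current, 'Application ID\s*:\s*(\{[0-9a-fA-F-]+\})')
if (-not ($h.Success -and $a.Success)) { throw "No usable SSL binding found on $IpPort." }
$oldHash = $h.Groups[1].Value
$appId   = $a.Groups[1].Value

Get-Service ServerManagementGateway* | Stop-Service
try {
    netsh http delete sslcert ipport=$IpPort | Out-Null
    # Quote appid: unquoted braces are parsed by PowerShell as a script block.
    netsh http add sslcert ipport=$IpPort certhash=$($cert.Thumbprint) "appid=$appId" | Out-Null
    # Verify by re-reading the binding rather than trusting the command output.
    $after = (netsh http show sslcert ipport=$IpPort) -join "`n"
    if ($after -notmatch $cert.Thumbprint) {
        netsh http delete sslcert ipport=$IpPort | Out-Null
        netsh http add sslcert ipport=$IpPort certhash=$oldHash "appid=$appId" | Out-Null
        throw "New binding not present; restored previous certificate $oldHash."
    }
}
finally {
    # Start the gateway again whether the new or the old binding is in place.
    Get-Service ServerManagementGateway* | Start-Service
}
```

Run it from an elevated PowerShell session, passing the thumbprint shown by Get-ChildItem Cert:\LocalMachine\My\.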

