Recently we ran into an issue with our production deployment of Windows Admin Center. When attempting to update our custom certificate for the service, we were unable to do so. Using the MS-recommended method of updating the certificate (namely, running the installer and then performing a “Change” installation), we received an error saying “Something went wrong”.
No doubt you all can appreciate the very verbose and clear explanation provided by that error. After a lot of digging around we were able to find a way to do it manually using netsh. For posterity I have provided the method below:
Process
Stop the Windows Admin Service:
Get-Service ServerManagementGateway* | Stop-Service
Identify the netsh SSL current config:
netsh http show sslcert
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:443
Certificate Hash : YourCertThumbPrint
Application ID : {YourWACAppID}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
Make note of the Application ID and then delete the binding:
netsh http delete sslcert ipport=0.0.0.0:443
Get your new certificate thumbprint with PowerShell:
Get-ChildItem Cert:\LocalMachine\My\
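Bind the new cert to your install via netsh (when running this from PowerShell rather than cmd, quote the appid value, e.g. appid='{YourWACAppID}', so the braces are not parsed as a script block):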
netsh http add sslcert ipport=0.0.0.0:{port} certhash={YourCertThumbPrint} appid={YourWACAppID}
Restart the WAC Services:
Get-Service ServerManagementGateway* | Start-Service
Browse to your instance, you should now see the new SSL cert bound to the WAC install.
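The manual steps above as one script, added here as an example and not taken from the original post: it checks the replacement certificate before touching the live binding, reads the Application ID from the existing binding, and puts the old binding back if the new one cannot be added. The parameter names $NewThumbprint and $IpPort are assumptions, and the parsing assumes English-language netsh output.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original author's code. Parameter names are assumptions.
param(
    [Parameter(Mandatory)][string]$NewThumbprint,   # thumbprint of the replacement cert
    [string]$IpPort = '0.0.0.0:443'                 # binding shown by "netsh http show sslcert"
)
$ErrorActionPreference = 'Stop'

# Strip spaces and invisible characters that come along when a thumbprint is pasted.
$thumb = ($NewThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Check the replacement certificate before touching the live binding.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert)               { throw "Certificate $thumb not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this machine' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is not currently valid' }
# An empty EKU list means "all purposes"; otherwise Server Authentication must be present.
$eku = $cert.EnhancedKeyUsageList
if ($eku -and $eku.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate lacks the Server Authentication EKU'
}

# Read the current hash and Application ID so the binding can be recreated or rolled back.
# Assumes English netsh output, as in the listing above.
$show = (netsh http show sslcert "ipport=$IpPort") -join "`n"
$pattern = '(?s)Certificate Hash\s*:\s*([0-9a-f]+).*?Application ID\s*:\s*(\{[0-9a-f-]+\})'
if ($show -notmatch $pattern) { throw "No SSL binding found on $IpPort" }
$oldHash, $appId = $Matches[1], $Matches[2]

$svc = Get-Service ServerManagementGateway*
$svc | Stop-Service
try {
    netsh http delete sslcert "ipport=$IpPort" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'netsh delete sslcert failed' }
    netsh http add sslcert "ipport=$IpPort" "certhash=$thumb" "appid=$appId" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'netsh add sslcert failed' }
} catch {
    # Roll back: restores the old hash and appid only, not any other binding options.
    netsh http delete sslcert "ipport=$IpPort" | Out-Null
    netsh http add sslcert "ipport=$IpPort" "certhash=$oldHash" "appid=$appId" | Out-Null
    throw
} finally {
    $svc | Start-Service   # the service comes back up whether or not the rebind worked
}
netsh http show sslcert "ipport=$IpPort"   # confirm the hash now matches $thumb
```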