
EmpowerID provides a utility application, the EmpowerID Certificate Manager, that you can use to view and manage the various certificates used in your deployment. These certificates include everything from the Server and SSL certificates to third party certificates used in a federated partnership, as well as personal certificates issued to individual users. When you open the utility, it displays any certificates currently stored in the Identity Warehouse and provides functionality for importing, generating and validating certificates.

...

To update SSL certificates

Follow these steps when you need to replace the SSL certificate used for EmpowerID. To update the certificate, use the EmpowerID Configurator. In a default installation of EmpowerID, the executable is located at "C:\Program Files\TheDotNetFactory\EmpowerID\Programs\EmpowerID.Configurator.exe".

  1. Open the EmpowerID Configurator, and on the Web Server tab, next to SSL Certificate, click Browse.



  2. Select Browse certificate file and click OK, then navigate to the new certificate file and select it, then click Save and close the Configurator.
  3. Add the certificate to the Personal Certificate Store on each EmpowerID web and app server by doing the following. 

    1. Copy the certificate file to each server as needed.
    2. On each server, open mmc and from the File menu, click Add/Remove Snap-in.
    3. In the Add or Remove Snap-ins dialog, select Certificates and then click Add.



    4. Select the Certificates snap-in and then click Add.



    5. From the Certificates snap-in dialog that appears, select Computer account and then click Next.



    6. Select Local computer and then click Finish.



    7. Click OK to close the Add or Remove Snap-Ins dialog.



    8. In the mmc console tree, expand the Certificates (Local Computer) node.
    9. Right-click the Personal node, point to All Tasks, and then click Import.



    10. In the Certificate Import Wizard that appears, click Next.



    11. On the File to Import page, click Browse.



    12. Locate and select the desired certificate and then click Next.



    13. On the Private key protection page, enter the password for the certificate, select Mark this key as exportable and then click Next.



    14. Select Automatically select the certificate store based on the type of certificate and then click Next.



    15. Click Finish to close the Certificate Import Wizard.
    16. Click OK to close the import message.



  4. Bind the new certificate to port 443 on the default web site on all web servers by doing the following:
    1. From the Console Root tree of mmc, expand the Certificates and Personal nodes and then click Certificates.
    2. Locate the SSL certificate and then double-click it to open the Certificate Information dialog.
    3. From the Certificate Information dialog, click the Details tab and then locate and click the Thumbprint field.


    4. Copy the Thumbprint to a text editor, such as Notepad, and then click OK to close the Certificate Information editor.
    5. From the text editor, remove all spaces from the Thumbprint.

    6. Open a command prompt and run the following command to retrieve the current port configuration:

      netsh http show sslcert



    7. Remove the SSL certificate binding from the port by running the following command from the command prompt. Change the port number as needed.

      netsh http delete sslcert ipport=0.0.0.0:443


    8. Return to your text editor and copy the thumbprint of the new SSL certificate.

    9. Update the certificate binding for each port by running the following command from the command prompt:

      netsh http add sslcert ipport=0.0.0.0:443 certhash=41845b701cdba6ae3ea1d8b81d17dc433acfbccc appid={5d89a20c-beab-4389-9447-324788eb944a}

      The certhash parameter should be set to the thumbprint for your SSL certificate. The appid parameter should be set to the value retrieved above (by running netsh http show sslcert).

  5. Open SQL Server Management Studio, expand Databases, and click the node for the EmpowerID database.
  6. In the toolbar, click the New Query button and execute the following query to find the CertificateStoreID values for both the old and new certificates:

    SELECT * FROM CertificateStore


  7. Execute the following statement to update the CertificateAppliesTo table. This replaces the expired certificate with the new one everywhere the expired certificate was used. Be sure to replace "2" and "3" with your certificate store IDs.

    UPDATE CertificateAppliesTo SET CertificateStoreID = 3 WHERE CertificateStoreID = 2

  8. Finally, execute the following statement to update the EmpowerIDServer table's CertificateStoreID column. Be sure to replace "3" with the certificate store ID for the new certificate.

    UPDATE EmpowerIDServer SET CertificateStoreID = 3
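
The port-binding sub-steps of step 4 above (clean the thumbprint, read the current binding, delete it, add the new one) can be scripted per web server. This is an added PowerShell example, not part of the EmpowerID documentation or product; the parameter names are illustrative, and it assumes an elevated prompt and English-language netsh output.

```powershell
# Added example (not EmpowerID code): rebind an HTTP.sys SSL port to a new certificate.
# Run from an elevated PowerShell prompt on each web server.
param(
    # Thumbprint as pasted from the certificate's Details tab; spaces are allowed.
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string] $IpPort = '0.0.0.0:443'
)

# Keep hex digits only. This drops the spaces and any invisible character that
# came along when the value was copied out of the certificate dialog.
$hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($hash.Length -ne 40) {
    throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hash.Length)."
}

# Confirm the certificate was imported before touching the live binding.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$hash" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key." }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $hash is outside its validity period."
}

# Read the current binding (assumes English netsh output) and keep its values.
$current = (netsh http show sslcert "ipport=$IpPort") -join "`n"
$appMatch = [regex]::Match($current, 'Application ID\s*:\s*(\{[0-9A-Fa-f-]+\})')
$oldMatch = [regex]::Match($current, 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)')
if (-not $appMatch.Success) { throw "No existing binding found for $IpPort." }
$appId = $appMatch.Groups[1].Value
Write-Host "Previous certhash for ${IpPort}: $($oldMatch.Groups[1].Value)"

# Replace the binding, reusing the appid that was already registered.
netsh http delete sslcert "ipport=$IpPort" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "netsh delete failed for $IpPort." }
netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid=$appId" | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "netsh add failed; restore the previous certhash printed above."
}

# Show the resulting binding for verification.
netsh http show sslcert "ipport=$IpPort"
```

The script checks that the certificate is present and valid before it deletes the old binding, so a failed import does not leave the port without a certificate.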
     


...