EmpowerID provides a utility application, the EmpowerID Certificate Manager, that you can use to view and manage the various certificates used in your deployment. These certificates include everything from the Server and SSL certificates to third-party certificates used in a federated partnership, as well as personal certificates issued to individual users. When you open the utility, it displays any certificates currently stored in the Identity Warehouse and provides functionality for importing, generating and validating certificates.
EmpowerID stores each certificate in the CertificateStore table of the EmpowerID Identity Warehouse.
"C:\Program Files\TheDotNetFactory\EmpowerID\Programs\EmpowerID.CertificateManager.exe"
After completing the operation, the EmpowerID Certificate Manager displays the results in the Certificate Details pane.
After completing the operation, the EmpowerID Certificate Manager displays the results in the Validation Summary pane.
If the certificate does not meet all of the requirements specified in the Certificate Requirements topic, the validation operation will fail.
Follow these steps when you need to replace the SSL certificate used for EmpowerID. To update the certificate, use the EmpowerID Configurator. In a default installation of EmpowerID, the path to the executable is "C:\Program Files\TheDotNetFactory\EmpowerID\Programs\EmpowerID.Configurator.exe".
Add the certificate to the Personal Certificate Store on each EmpowerID web and app server by doing the following.
Open a command prompt and run
netsh http show sslcert
to retrieve the current port configuration.
Remove the existing SSL certificate binding by running
netsh http delete sslcert ipport=0.0.0.0:443
from the command prompt. Change the port number as needed.
Return to your text editor and copy the thumbprint of the new SSL certificate.
Update the certificate binding for each port by running
netsh http add sslcert ipport=0.0.0.0:443 certhash=41845b701cdba6ae3ea1d8b81d17dc433acfbccc appid={5d89a20c-beab-4389-9447-324788eb944a}
from the command prompt. Set the certhash parameter to the thumbprint of your SSL certificate. Set the appid parameter to the value retrieved above (by running
netsh http show sslcert
).
In the toolbar, click the New Query button and execute
SELECT * FROM CertificateStore
to find the CertificateStoreID values for both the old and new certificates.
Execute
UPDATE CertificateAppliesTo SET CertificateStoreID = 3 WHERE CertificateStoreID = 2
to update the CertificateAppliesTo table. This replaces the expired certificate with the new one everywhere the expired certificate was used. Be sure to replace "2" and "3" with your certificate store IDs.
Finally, execute
UPDATE EmpowerIDServer SET CertificateStoreID = 3
to update the EmpowerIDServer table's CertificateStoreID column. Be sure to replace "3" with the certificate store ID for the new certificate.
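The netsh steps above (show, delete, add) can be combined into one checked operation. The following PowerShell script is an added example, not part of EmpowerID; the parameter names $NewThumbprint and $IpPort are illustrative, and it assumes English netsh output and an elevated session.

```powershell
# Added example: rebind one HTTP.SYS port to a new certificate, with checks and rollback.
param(
    [Parameter(Mandatory)][string]$NewThumbprint,  # thumbprint copied from the new certificate
    [string]$IpPort = '0.0.0.0:443'                # binding to update, as in the steps above
)

# Thumbprints pasted from the certificate dialog often carry spaces or an
# invisible leading character; keep only the hex digits.
$thumb = ($NewThumbprint -replace '[^0-9a-fA-F]', '').ToUpper()
if ($thumb.Length -ne 40) {
    throw "Expected a 40-hex-digit thumbprint, got $($thumb.Length) digits."
}

# The new certificate must already be in the machine's Personal store,
# have its private key, and be inside its validity period.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid today (valid $($cert.NotBefore) to $($cert.NotAfter))."
}

# Read the existing binding and keep its Application ID and current hash.
$text = (netsh http show sslcert "ipport=$IpPort") -join "`n"
if ($text -notmatch 'Application ID\s*:\s*(\{[0-9a-fA-F-]+\})') {
    throw "No SSL binding found for $IpPort."
}
$appId = $Matches[1]
if ($text -notmatch 'Certificate Hash\s*:\s*([0-9a-fA-F]+)') {
    throw "Could not read the current certificate hash for $IpPort."
}
$oldHash = $Matches[1]

# Replace the binding. The arguments are quoted so PowerShell does not
# treat the braces around the Application ID as a script block.
netsh http delete sslcert "ipport=$IpPort" | Out-Null
netsh http add sslcert "ipport=$IpPort" "certhash=$thumb" "appid=$appId" | Out-Null
if ($LASTEXITCODE -ne 0) {
    # Put the previous binding back so the port is not left without a certificate.
    netsh http add sslcert "ipport=$IpPort" "certhash=$oldHash" "appid=$appId" | Out-Null
    throw "Binding the new certificate failed; restored previous hash $oldHash."
}

# Show the resulting binding for confirmation.
netsh http show sslcert "ipport=$IpPort"
```

Run it once per bound port on each web and app server. Only certhash and appid are set, as in the manual command; any other options shown by netsh http show sslcert are not carried over.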