Forum Discussion

tlyczko2's avatar
tlyczko2
Copper Contributor
Apr 01, 2020

How do I create a new certificate for Windows Admin Center??

I just now observed that our internal WAC certificate was only two months old and it's already expired. Can I simply create and use our own self-signed certificate and use it?? Do I install it like n...
Mathieu Desjardins's avatar
Mathieu Desjardins
Copper Contributor
Apr 07, 2020

Jeff Woolslayer Hi, I have reran the installation and selected the new cert provide by my CA but now I have an issue with the WAC Encryption certificate because the other certificate in the chain is not valid anymore. 

The WAC certificate that was self-signed and put into Intermediate Certification Authorities store is expired (was only valid for 3 month).

How can I update that chain?

  • Jeff Woolslayer's avatar
    Jeff Woolslayer
    Iron Contributor
    Apr 07, 2020

    The encryption certificate is generated using the certificate you specify in the installer. If you can reproduce this 100% please share the exact steps.

    • ClenJ's avatar
      ClenJ
      Copper Contributor
      Mar 16, 2022

      Did you ever get the full steps to create a useful certificate Windows Admin Center can use? I'm having similar issues. I have a CA but the certs I create won't work like the original self signed cert Jeff Woolslayer 

      • alexbal's avatar
        alexbal
        Brass Contributor
        Mar 24, 2022

        ClenJ 

        to import a wildcard cert i had purchased i needed to do two things.

        1 make a PFX

        2 import it

         

        I had server core so this was um, fun.

        for 1

        i used winget to install opensll on my local machine

        i used wget to get the latest admin center MSI inside server core via rdp

        then ran

         

        openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

         

        where certificate.pfx is the new pfx, -inkey is the private key used for the csr and -in is the wildcard cert issued  and certfile is the cert of the CA.

         

        then i imported into localmachine\my using admin center

         

        however i cannot get admin center msi command to work with the new thumbprint, all an MSI log gives me is this, i don't think MS actually cares about admin center - if they did one could import key and cert from UI or define via two params - just like i can in most linux apps.... the server team is a shadow of its former self unfortunately as folks only have eyes for azure...

         

        Action ended 17:10:06: ExecuteAction. Return value 3.
        MSI (c) (A0:58) [17:10:06:078]: Doing action: FatalError
        Action 17:10:06: FatalError.
        Action start 17:10:06: FatalError.
        Action 17:10:06: FatalError. Dialog created

         

        in quite mode I get more info, seems to be a 1603 issue - https://docs.microsoft.com/en-us/troubleshoot/windows-server/application-management/msi-installation-error-1603 i don't have time to dig deeper, i switched to firefox from edge so i can bypass the cert issue, stupid MS.

         

        If you can get the thumbprint reconfigure working let me know!

Resources