Forum Discussion

tlyczko2's avatar
tlyczko2
Copper Contributor
Apr 01, 2020

How do I create a new certificate for Windows Admin Center??

I just now observed that our internal WAC certificate was only two months old and it's already expired. Can I simply create and use our own self-signed certificate and use it?? Do I install it like n...
infrost's avatar
infrost
Copper Contributor
Feb 06, 2025

This method still works in v2410. But need to add permissions on the Certificate.

In brief, after WAC's install, go to `mmc.exe`

  • `mmc.exe` - File - Add or Remove Snap-ins and select Certificates.
        - Please note that certificates under LocalMachine cannot be managed by certmgr.msc.
  • LocalMachine - Personal - Certificates - find the Client_Cert you just installed.
  • Right click - All Tasks - Manage Private Keys
  • In the Security dialogue box, click the Add button
  • In the text box, type ‘Network Service’ (case does not matter). Click Check Names to ensure that you have entered the correct name.

When you return to the Security dialogue box, an item named NETWORK SERVICE will appear Windows will give it Full Control permissions by default. Please reduce/check it to Read only. Click OK.

The WAC will now open normally.


I wrote a complete instruction here (for non-Chinese users, maybe you can use a web translator):

https://blog.infrost.site/2025/02/06/WindowsAdminCenterInstall2410/

or look up this reference:
https://projectrunspace.org/windows-admin-center-v2-with-certificate-cannot-load-site/

Kristaps_Esterlins's avatar
Kristaps_Esterlins
Copper Contributor
Mar 19, 2025

Hi,

For those who have the issue with the latest WAC (Release 2410) the permissions can be changed inside the Host Windows Server without using MMC if you have either Hyper-V Server 2019 or a Windows Server instance without Desktop Experience (Server Core)

The instruction is here - https://www.server-world.info/en/note?os=Windows_Server_2025&p=admin_center&f=1

Section [2] - Change the access permission of the private key of the SSL/TLS certificate so that it can be used with Windows Admin Center.

To change the default self-signed certificate in WAC, you have to use the PowerShell module - https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/deploy/install?tabs=server-core&pivots=windows-server-2022#update-the-certificate-used-by-windows-admin-center

!NB - The SubjectName parameter is always without "CN=" when passing it through the Set-WACCertificateSubjectName and Set-WACCertificateAcl commands

Resources