@Jeff Woolslayer Hi, I have reran the installation and selected the new cert provide by my CA but now I have an issue with the WAC Encryption certificate because the other certificate in the chain is not valid anymore. 

The WAC certificate that was self-signed and put into Intermediate Certification Authorities store is expired (was only valid for 3 month).

How can I update that chain?

The encryption certificate is generated using the certificate you specify in the installer. If you can reproduce this 100% please share the exact steps.

Did you ever get the full steps to create a useful certificate Windows Admin Center can use? I'm having similar issues. I have a CA but the certs I create won't work like the original self signed cert @Jeff Woolslayer 

@ClenJ 

to import a wildcard cert i had purchased i needed to do two things.

1 make a PFX

2 import it

I had server core so this was um, fun.

for 1

i used winget to install opensll on my local machine

i used wget to get the latest admin center MSI inside server core via rdp

then ran

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

where certificate.pfx is the new pfx, -inkey is the private key used for the csr and -in is the wildcard cert issued  and certfile is the cert of the CA.

then i imported into localmachine\my using admin center

however i cannot get admin center msi command to work with the new thumbprint, all an MSI log gives me is this, i don't think MS actually cares about admin center - if they did one could import key and cert from UI or define via two params - just like i can in most linux apps.... the server team is a shadow of its former self unfortunately as folks only have eyes for azure...

Action ended 17:10:06: ExecuteAction. Return value 3.
MSI (c) (A0:58) [17:10:06:078]: Doing action: FatalError
Action 17:10:06: FatalError.
Action start 17:10:06: FatalError.
Action 17:10:06: FatalError. Dialog created

in quite mode I get more info, seems to be a 1603 issue - MSI installation error 1603 - Windows Server | Microsoft Docs i don't have time to dig deeper, i switched to firefox from edge so i can bypass the cert issue, stupid MS.

If you can get the thumbprint reconfigure working let me know!

@thegluck 

Thank you for this! I've been really frustrated trying to update our SSL certificate before it expired. Trying to just change the application from Programs/Features wasn't working because it kept reverting back to the expiring cert after I closed the installer. Your method finally did the trick. 

@thegluck You are my hero, dude :)

I was desperately looking for a way to change cert WITHOUT having to use the installer, in order to automaticly change the cert whenever we run our cert creation procedure - and also on demand from within our own website. Thanks a lot for that

@thegluck

The Step 4 does not work, it return: "parameter is incorrect"
I use the THUMBPRINT funded at Step 1 corresponding with WAC, the port used by me (4433) and App iD founded at Step 2

Any idea what might be wrong ?

@Xperiens 

in powershell, just type in the command netsh 

then http

should have something that looks like  netsh http>

then enter: 

add sslcert ipport=0.0.0.0:443 certhash=thumbprint-from-ssl appid={appid guid}

Seem to have cleared up any parameter issue.