Apr 01 2020 08:44 AM
Apr 01 2020 08:44 AM
I just now observed that our internal WAC certificate was only two months old and it's already expired. Can I simply create and use our own self-signed certificate and use it?? Do I install it like normal certificates within the Certificates MMC and WAC will automagically use it??
Thank you, Tom
Apr 06 2020 08:37 AM
To update the certificate used by Windows Admin Center, re-run the installer and choose
change, then specify the thumbnail of another installed certificate.
Apr 07 2020 11:25 AM
@Jeff Woolslayer Hi, I have reran the installation and selected the new cert provide by my CA but now I have an issue with the WAC Encryption certificate because the other certificate in the chain is not valid anymore.
The WAC certificate that was self-signed and put into Intermediate Certification Authorities store is expired (was only valid for 3 month).
How can I update that chain?
Apr 07 2020 11:51 AM
The encryption certificate is generated using the certificate you specify in the installer. If you can reproduce this 100% please share the exact steps.
Apr 07 2020 01:12 PM
Mar 16 2022 12:42 PM
Did you ever get the full steps to create a useful certificate Windows Admin Center can use? I'm having similar issues. I have a CA but the certs I create won't work like the original self signed cert @Jeff Woolslayer
Mar 23 2022 05:20 PM - edited Mar 23 2022 05:26 PM
to import a wildcard cert i had purchased i needed to do two things.
1 make a PFX
2 import it
I had server core so this was um, fun.
i used winget to install opensll on my local machine
i used wget to get the latest admin center MSI inside server core via rdp
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
where certificate.pfx is the new pfx, -inkey is the private key used for the csr and -in is the wildcard cert issued and certfile is the cert of the CA.
then i imported into localmachine\my using admin center
however i cannot get admin center msi command to work with the new thumbprint, all an MSI log gives me is this, i don't think MS actually cares about admin center - if they did one could import key and cert from UI or define via two params - just like i can in most linux apps.... the server team is a shadow of its former self unfortunately as folks only have eyes for azure...
Action ended 17:10:06: ExecuteAction. Return value 3.
MSI (c) (A0:58) [17:10:06:078]: Doing action: FatalError
Action 17:10:06: FatalError.
Action start 17:10:06: FatalError.
Action 17:10:06: FatalError. Dialog created
in quite mode I get more info, seems to be a 1603 issue - MSI installation error 1603 - Windows Server | Microsoft Docs i don't have time to dig deeper, i switched to firefox from edge so i can bypass the cert issue, stupid MS.
If you can get the thumbprint reconfigure working let me know!
Apr 02 2022 01:31 AM
Jul 21 2022 06:45 AM
Thank you for this! I've been really frustrated trying to update our SSL certificate before it expired. Trying to just change the application from Programs/Features wasn't working because it kept reverting back to the expiring cert after I closed the installer. Your method finally did the trick.
Jul 31 2022 08:37 PM
@thegluck You are my hero, dude :)
I was desperately looking for a way to change cert WITHOUT having to use the installer, in order to automaticly change the cert whenever we run our cert creation procedure - and also on demand from within our own website. Thanks a lot for that