SharePoint/Certificate Management
Overview
Before enabling HTTPS, you must import the certificate into SharePoint Server. You CANNOT configure certificates in the IIS console. Once you make website-related changes to the web application, all configurations in the IIS console will become invalid.
Prerequisites
- The account used for the operation must be a member of the local Administrators group on the target server, or equivalent.
- To enable SSL, you must have appropriate roles to manage the web applications.
Create a certificate signing request (CSR)
Note:
You can still use other methods, such as certlm.msc, to enroll a certificate without creating a certificate signing request.
To import certificates with private keys, refer to Import a certificate.

Open the SharePoint Management Shell as administrator, and run the following command:
New-SPCertificate -FriendlyName "<ExampleName>" -CommonName <Server FQDN> -AlternativeNames <Domain Name 1>, <Domain Name 2>...
The certificate signing request is stored on the SharePoint Server; visit the link to view and save it.
- -FriendlyName
- Specify a friendly name for the certificate. It can help you identify the certificates.
- -CommonName
- Specify the primary domain name that this certificate will be assigned to. Server FQDN is recommended.
- -AlternativeNames
- Specify the additional domain names to which this certificate will be assigned.
This example creates a new certificate signing request, specifying the friendly name "SharePoint Central Administration", using the server FQDN as the common name, and specifying three additional domain names.
New-SPCertificate -FriendlyName "SharePoint Central Administration" -CommonName sp01.ithandbook.org -AlternativeNames sp01.ithandbook.org, sharepoint.ithandbook.org, mysite.ithandbook.org

This example creates a new certificate signing request, specifying the organizational information, key size and algorithm, and path to the certificate signing request file that will be generated, making the private key of this certificate exportable.
New-SPCertificate -FriendlyName "Example Certificate Name" -CommonName sp01.ithandbook.org -AlternativeNames sharepoint.ithandbook.org, sp01.ithandbook.org, mysite.ithandbook.org -Organization "ITHandbook" -Locality "San Jose" -State "California" -Country "US" -KeySize 2048 -HashAlgorithm SHA256 -Exportable -Path "C:\Users\itadmin\Desktop\csr.txt"
Complete the certificate request
Open the SharePoint Management Shell as administrator, and run the following command:
Import-SPCertificate -Path "<Path>"
This example imports a certificate from the C:\Users\itadmin\Desktop\cert.cer file into the SharePoint farm.
Import-SPCertificate -Path C:\Users\itadmin\Desktop\cert.cer
This example imports a certificate with any associated private key from the C:\Users\itadmin\Desktop\test.pfx file with password "123456" into the SharePoint farm. It also allows private keys that were imported during this operation to be exported.
$password = ConvertTo-SecureString "123456" -AsPlainText -Force
Import-SPCertificate -Path "C:\Users\itadmin\Desktop\test.pfx" -Password $password -Exportable
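A check that can be run on the issued certificate before the import commands above, as an added example rather than part of the original page: it confirms that the file carries the names, key size and hash algorithm requested in the CSR. Test-IssuedCertificate is a hypothetical helper name (not a SharePoint cmdlet), and the SAN parsing assumes the English-language Windows text format.

```powershell
# Added example: pre-import check of an issued certificate against the CSR parameters.
# Test-IssuedCertificate is a hypothetical helper, not a SharePoint cmdlet.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ExpectedNames,
        [int] $MinKeySize = 2048
    )
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $problems = @()

    # Subject Alternative Name extension (OID 2.5.29.17). Format($false) returns
    # "DNS Name=host1, DNS Name=host2" on English-language Windows (assumption).
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        $sanNames = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() }
    }
    foreach ($name in $ExpectedNames) {
        if ($sanNames -notcontains $name.ToLowerInvariant()) {
            $problems += "SAN is missing $name"
        }
    }

    # RSA key size; GetRSAPublicKey returns $null for non-RSA keys, which are not checked here.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt $MinKeySize) {
        $problems += "RSA key is $($rsa.KeySize) bits, expected at least $MinKeySize"
    }

    # Signature hash (e.g. sha256RSA) and validity window.
    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $problems += "Weak signature algorithm: $($cert.SignatureAlgorithm.FriendlyName)"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }

    [pscustomobject]@{
        Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
        Problems = $problems;    Ok = ($problems.Count -eq 0)
    }
}

# Path and names are the ones used in the examples above.
$names  = 'sp01.ithandbook.org', 'sharepoint.ithandbook.org', 'mysite.ithandbook.org'
$result = Test-IssuedCertificate -Path 'C:\Users\itadmin\Desktop\cert.cer' -ExpectedNames $names
$result | Format-List
if ($result.Ok) { Import-SPCertificate -Path 'C:\Users\itadmin\Desktop\cert.cer' }
```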
Import a certificate
Note:
If a certificate has been enrolled, use the following cmdlet to import the certificate.
Use the Import-SPCertificate cmdlet to import a certificate from the certificate file.
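# Prompt for the certificate password with masked input and store it as a SecureString
$password = Read-Host -Prompt "Certificate password" -AsSecureString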
Import-SPCertificate -Path "\\path\to\certificates.pfx" -Password $password -Exportable
- $password
- Prompt for the password and convert it into an encrypted string.
- -Path
- The path to the certificate.
- -Password
- The password that protects the certificate file. Use the password you previously entered.
- -Exportable
- Allow the private keys of certificates imported into SharePoint to be exported.
- This is optional.
Apply a certificate to the Web Application

Log in to the Central Administration and navigate to Application Management → Manage web applications.
Select the desired web application and click Edit.