Time to renew PKI cert but not sure if it is being used

  • Question

  • User-239686644 posted

    So it's time for me to renew a PKI cert here in about 30 days or so. The cert is on my SharePoint Central admin server.

    What I need to know is how to check if SharePoint is using it?

    Here is what I have done so far:

    1. Check all the IIS bindings to make sure the thumbprints on the bindings do not match the thumbprint on the old cert.

          - I did not find a match. So it's not being used by IIS bindings.

    2. Checked Get-SPTrustedRootAuthority on the server and compared the PKI certificate thumbprint with the old cert.

          - I did not find a match there either.

    That's all I know how to check. So any other places to check will greatly help.

    I'm just afraid that if I let the cert expire, something will break on my SharePoint farm.

    Friday, September 8, 2017 8:45 PM

All replies

  • User-460007017 posted

    Hi Chilly,

    The most effective way to check whether the cert has been renewed is to use the command line to check the port number. For example, if we need to check whether the port is using the renewed certificate, you could run this command line:

    netsh http show sslcert

    If the certificate hash matches the thumbprint, then it should prove that the certificate is using the newest certificate.

    Best Regards,

    Yuk Ding

    Monday, September 11, 2017 6:49 AM
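
The hash-to-thumbprint comparison described in the reply above, as an added PowerShell example that is not part of the original thread: it lists each http.sys SSL binding reported by `netsh http show sslcert` and flags the ones whose certificate hash equals a given thumbprint. The function names and the sample data are hypothetical, and the parsing assumes English-language netsh output; it covers only these bindings, not other places a SharePoint farm may reference a certificate.

```powershell
# Added example: find http.sys SSL bindings that use a given certificate thumbprint.
# Assumes English-language `netsh http show sslcert` output; function names are hypothetical.
function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Drop spaces, colons and invisible characters (a thumbprint copied from the
    # certificate dialog can carry a hidden U+200E), then upper-case the hex digits.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Find-SslCertBinding {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        # Defaults to live output; pass captured text to analyse another server.
        [string[]]$NetshOutput = (netsh http show sslcert)
    )
    $wanted  = ConvertTo-NormalizedThumbprint $Thumbprint
    $binding = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
            $binding = $Matches[2]          # start of a new binding record
        }
        elseif ($line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $hash = ConvertTo-NormalizedThumbprint $Matches[1]
            [pscustomobject]@{
                Binding    = $binding
                Thumbprint = $hash
                InUse      = ($hash -eq $wanted)
            }
        }
    }
}

# Constructed sample output (not from a real server).
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 00112233445566778899aabbccddeeff00112233
    Certificate Store Name       : MY

    Hostname:port                : intranet.example.test:443
    Certificate Hash             : ffeeddccbbaa99887766554433221100ffeeddcc
    Certificate Store Name       : MY
'@ -split "`r?`n"

# Thumbprint as pasted from the certificate dialog: spaces plus a leading U+200E.
$pasted = "$([char]0x200E)ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 ff ee dd cc"
Find-SslCertBinding -Thumbprint $pasted -NetshOutput $sample | Where-Object InUse
```

Omit `-NetshOutput` to query the local server; an empty result means no http.sys binding on that machine references the thumbprint.
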
  • User-239686644 posted


    That is a nice tool, netsh. I will keep that in mind for when I need to check if a cert has been updated yet or not. Thanks.

    In my situation, or the question I was asking, I know the PKI cert is not renewed.

    What I really need to know, in a SharePoint farm scenario, is:

      - Is the PKI cert being used?

      - Where to look to see if the PKI cert is being used?

    This way I can find out if the PKI cert is being used or not, to determine if I should renew it.

    Thank you very much for any help in advance.

    See, I have a few PKI certs.

    Monday, September 11, 2017 3:06 PM
  • User-460007017 posted

    Hi chillymoonbutt,

    The SharePoint certificate issue could be consulted in the SharePoint forum. Maybe you could explain how you deployed the PKI certificate with IIS. Then I could tell you how to check the renewed certificate.

    This link provides the steps to renew a PKI certificate in IIS:


    Best Regards,

    Yuk Ding

    Wednesday, September 20, 2017 7:38 AM