

Add Additional Certificate Authority Certificates to the PowerShell Script

The PowerShell script created by the SharePoint connection wizard accommodates the following certificates:

The trusted identity provider requires that every certificate in the certificate chain be included. If an intermediate certificate authority signed your certificate instead of the root, modify the PowerShell script so that it includes both certificate authority certificates.

The following illustration describes the differences between the default PowerShell script and a PowerShell script that accommodates multiple certificate authority certificates:

[Diagram: the section of the PowerShell script to modify when you need to add additional certificate authorities]

Follow these steps:

  1. Copy the following section from your PowerShell script:
    $rootcert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("<full path to Root certificate file>")
    New-SPTrustedRootAuthority -Name "<Trusted root authority name>" -Certificate $rootcert

  2. Add a new line after the section you copied, and then paste the copied section into the new line.
  3. Edit the pasted section using the changes shown in the following table as a guide:

     | Change this value:                          | To this value:                                                  |
     |---------------------------------------------|-----------------------------------------------------------------|
     | $rootcert                                   | $rootcert2                                                      |
     | <full path to Root certificate file>        | <full path to additional certificate authority certificate file> |
     | <Trusted root authority name>               | Name of the additional trusted root authority                   |

  4. To add additional certificate authority certificates, repeat Steps 1 through 3.
  5. Save your changes and close your text editor.

     The PowerShell script is modified.

  6. Create a trusted identity provider.
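The following is an added example of what the edited section looks like once a root and an intermediate certificate authority are both registered; it is not the script generated by the connection wizard. The file paths, authority names and the `$signing` certificate used for the issuer check are placeholders you replace with your own values.

```powershell
# Added example, not the wizard-generated script: register the root CA and the
# intermediate CA so that the full chain of the signing certificate is trusted.
# All paths and names below are placeholders.
$rootPath    = "C:\certs\RootCA.cer"          # placeholder: root CA certificate
$interPath   = "C:\certs\IntermediateCA.cer"  # placeholder: intermediate CA certificate
$signingPath = "C:\certs\signing.cer"         # placeholder: certificate the identity provider signs with

# Load the public certificates; no private key is needed to register a trusted root authority.
$rootcert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootPath)
$rootcert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($interPath)
$signing   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($signingPath)

# Coarse chain check before touching SharePoint: the intermediate must have issued the
# signing certificate, and the root must have issued the intermediate. This compares the
# distinguished-name strings as .NET renders them; it is a sanity check, not full path validation.
if ($signing.Issuer -ne $rootcert2.Subject) {
    throw "The intermediate CA certificate does not match the issuer of the signing certificate."
}
if ($rootcert2.Issuer -ne $rootcert.Subject) {
    throw "The root CA certificate does not match the issuer of the intermediate CA certificate."
}

# The generated script registers only $rootcert. The second line is the pasted, edited copy
# described in the table above, registering the intermediate CA as well.
New-SPTrustedRootAuthority -Name "Example Root CA" -Certificate $rootcert          # placeholder name
New-SPTrustedRootAuthority -Name "Example Intermediate CA" -Certificate $rootcert2 # placeholder name

# Confirm what SharePoint now trusts (name, subject and thumbprint of each registered authority).
Get-SPTrustedRootAuthority |
    Select-Object Name,
        @{ Name = 'Subject';    Expression = { $_.Certificate.Subject } },
        @{ Name = 'Thumbprint'; Expression = { $_.Certificate.Thumbprint } }
```

Run it from the SharePoint Management Shell (or after `Add-PSSnapin Microsoft.SharePoint.PowerShell`) on a farm server, since the `*-SPTrustedRootAuthority` cmdlets are only available there.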