

Create a PowerShell Script to Update the Certificates

Adding the new certificates to your CA SiteMinder trusted identity provider involves several steps that you perform in the SharePoint 2010 Management Shell.

We recommend using a PowerShell script that contains all of the commands, such as the one shown in the following example:

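# Remove the trusted root authority entries that hold the old certificates.
Remove-SPTrustedRootAuthority CASigningRootCert
Remove-SPTrustedRootAuthority CASigningCert

# Load the new certificate authority (root) certificate and the new signing certificate.
$rootcert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("full_path_to_updated_certificate_authority_certificate.cer")
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("full_path_to_signing_certificate.cer")

# Assign the new signing certificate to the SiteMinder trusted identity provider.
$tip = Get-SPTrustedIdentityTokenIssuer name_of_siteminder_trusted_identity_provider
$tip.SigningCertificate = $cert
$tip.Update()

# Re-create the trusted root authority entries: the root entry takes the root
# certificate ($rootcert), the signing entry takes the signing certificate ($cert).
New-SPTrustedRootAuthority -Name "CASigningRootCert" -Certificate $rootcert
New-SPTrustedRootAuthority -Name "CASigningCert" -Certificate $cert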

Follow these steps:

  1. Copy the example script shown previously and save it on your SharePoint central administration server as a .ps1 file.
  2. Open the .ps1 file with a text editor.
  3. Edit the .ps1 file to suit your environment with the following steps:
    1. Locate the following text:
      full_path_to_updated_certificate_authority_certificate
      
    2. Replace the previous text with the full path to your new certificate authority (root) certificate.

      Example: C:\exampleserver\certificates\rootcertificate.cer

    3. Locate the following text:
      full_path_to_signing_certificate
      
    4. Replace the previous text with the full path to your new signing certificate.

      Example: C:\exampleserver\certificates\signingcertificates\sharepointsigningcertificate.cer

    5. Locate the following text:
      name_of_siteminder_trusted_identity_provider
      
    6. Replace the previous text with the name of your CA SiteMinder trusted identity provider.

      Example: SiteMinder_TIP

  4. Save the .ps1 file and close the text editor.

    The Windows PowerShell script is created.
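
Because the script removes the existing trusted root authority entries before it loads the new files, it helps to validate the two .cer files first. The following pre-flight check is an added example, not part of the CA SiteMinder or SharePoint documentation; `Test-NewSigningCertificate` is a hypothetical helper name. It assumes that the signing certificate is issued directly by the new root, or that any intermediate certificates are already installed on the server.

```powershell
# Added example. Test-NewSigningCertificate is a hypothetical helper name,
# not a SharePoint or SiteMinder cmdlet. Written to run on PowerShell 2.0.
function Test-NewSigningCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$RootCertPath,
        [Parameter(Mandatory = $true)][string]$SigningCertPath
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    foreach ($path in @($RootCertPath, $SigningCertPath)) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Certificate file not found: $path"
        }
    }
    # Throws a CryptographicException if a file is not a valid certificate.
    $root = New-Object "$x509.X509Certificate2" $RootCertPath
    $cert = New-Object "$x509.X509Certificate2" $SigningCertPath
    $problems = @()

    # Both certificates must be inside their validity period right now.
    $now = Get-Date
    foreach ($c in @($root, $cert)) {
        if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter) {
            $problems += "Not currently valid: $($c.Subject) ($($c.NotBefore) to $($c.NotAfter))"
        }
    }

    # Build the chain without revocation lookups, offering the new root as a
    # candidate issuer. The root is not trusted on this machine yet, so an
    # unknown CA is tolerated and the top of the chain is compared instead.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $built = $chain.Build($cert)
    $count = $chain.ChainElements.Count
    if (-not $built -or $count -eq 0 -or
        $chain.ChainElements[$count - 1].Certificate.Thumbprint -ne $root.Thumbprint) {
        $problems += "Signing certificate did not validate up to the supplied root (issuer: $($cert.Issuer))"
    }

    New-Object PSObject -Property @{
        RootThumbprint    = $root.Thumbprint
        SigningThumbprint = $cert.Thumbprint
        SigningNotAfter   = $cert.NotAfter
        Problems          = $problems
        Ok                = ($problems.Count -eq 0)
    }
}
# Usage, with the example paths from the steps above:
# Test-NewSigningCertificate 'C:\exampleserver\certificates\rootcertificate.cer' 'C:\exampleserver\certificates\signingcertificates\sharepointsigningcertificate.cer'
```

Run the update script only when `Ok` is `True`. After the update, the `SigningCertificate.Thumbprint` value of the object returned by `Get-SPTrustedIdentityTokenIssuer` should equal the `SigningThumbprint` value reported here.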