

Modify the PowerShell Script for Un–Trusted Self-Signed Certificates

If you are using a self-signed certificate that is issued by a certificate authority that is not explicitly trusted by your SharePoint server, modify the PowerShell script as described in the following procedure.

Follow these steps:

  1. Open the PowerShell script with any text editor.
  2. Locate the following text:
    "<full path to Root certificate file>"
    
  3. Replace the previous text with the full path to your root certificate. For example, if the full path to your certificate is C:\certificates\sharepoint\certificate_authority_certificate.cer, the updated line matches the following example:
    "C:\certificates\sharepoint\certificate_authority_certificate.cer"
    
  4. Locate the first occurrence of the following text:
    <Trusted root authority name>
    
  5. Replace the previous text with a friendly name for the new trusted root authority in SharePoint. For example, if the name you want is SPCAAuth, the updated line matches the following example:
    "SPCAAuth"
    
  6. Locate the following text:
    "<full path to Signing certificate file>"
    
  7. Replace the previous text with the full path to your Signing certificate. For example, if the full path to your certificate is C:\certificates\sharepoint\signing_certificate.cer, the updated line matches the following example:
    "C:\certificates\sharepoint\signing_certificate.cer"
    
  8. Locate the second occurrence of the following text:
    <Trusted root authority name>
    
  9. Replace the previous text with a friendly name for the new trusted root authority in SharePoint. For example, if the name you want is SPSigningAuth, the updated line matches the following example:
    "SPSigningAuth"
    
  10. Locate the following text:
    "<Name of the trusted identity provider>"
    
  11. Replace the previous text with the name of your SharePoint realm (the realm name follows $realm = in the PowerShell script). For example, if the name of your SharePoint realm is $realm="urn:moss2O1O-wsfed1-casm", the updated line could match the following example:
    "moss2O1O-wsfed1-casm"
    
  12. Locate the following text:
    "<Description for the Trusted Identity Provider>"
    
  13. Replace the previous text with a description for your trusted identity provider. For example, if you want to describe the trusted identity provider as "SiteMinder Provider," the updated line could match the following example:
    "SiteMinder Provider"
    

    Note: The LDAP directory and Active Directory charts contain additional examples of possible names.

  14. If your certificate chain contains more than one certificate authority certificate, add the other certificate authority certificates to the script. If your script contains one certificate authority certificate, go to the next step.
  15. Save your changes and close your text editor.

    The PowerShell script is modified.

  16. Create a trusted identity provider.
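Before you run the modified script, you can confirm that the two files named in steps 3 and 7 are the certificates you intend SharePoint to trust. The following pre-flight check is an added example, not part of the vendor's script. It uses the example paths from the steps above, a hypothetical helper named `Get-CertFromFile`, and assumes a chain with a single certificate authority certificate.

```powershell
# Added pre-flight check (not part of the vendor script).
# Paths are the example values from steps 3 and 7; replace them with your own.
$rootPath    = 'C:\certificates\sharepoint\certificate_authority_certificate.cer'
$signingPath = 'C:\certificates\sharepoint\signing_certificate.cer'

# Hypothetical helper: load a .cer file, failing loudly if it is missing or unparsable.
function Get-CertFromFile {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Certificate file not found: $Path"
    }
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    # The constructor throws if the file is not a valid X.509 certificate.
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
}

$root    = Get-CertFromFile -Path $rootPath
$signing = Get-CertFromFile -Path $signingPath

# Reject certificates that are expired or not yet valid.
$now = Get-Date
foreach ($cert in @($root, $signing)) {
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period: $($cert.Subject)"
    }
}

# A root certificate is self-issued; anything else is probably the wrong file.
if ($root.Subject -ne $root.Issuer) {
    Write-Warning "Root file is not self-issued: $($root.Subject)"
}

# Build the chain offline, supplying the root file as the only extra candidate.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built  = $chain.Build($signing)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# The chain must terminate at the exact root file the script will import.
if (-not $built -or $anchor.Thumbprint -ne $root.Thumbprint) {
    throw "Signing certificate does not chain to the supplied root certificate."
}

# Compare these thumbprints with values obtained from the certificate owner.
$root, $signing | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-List
```

Because the certificate authority is not already trusted by the server, the thumbprint comparison against a value received through a separate channel is the only check that the root file itself is authentic.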