

Modify the PowerShell Script for Certificates Issued by a Trusted Certificate Authority

If the signing certificate was issued by a certificate authority that the SharePoint server already trusts, the script does not need to register a separate root certificate; it only needs to register the signing certificate itself. Modify the PowerShell script accordingly.

Follow these steps:

  1. Open the PowerShell script with any text editor.
  2. Comment out the first two lines in the PowerShell script (the lines that register a root certificate, which is unnecessary when the issuing CA is already trusted), as shown in the following example:
    #$rootcert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("<full path to Root certificate file>")
    #New-SPTrustedRootAuthority -Name "<Trusted root authority name>" -Certificate $rootcert
    
  3. Locate the following text:
    "<full path to Signing certificate file>"
    
  4. Replace the previous text with the full path to your Signing certificate. For example, if the full path to your certificate is C:\certificates\sharepoint\signing_certificate.cer, the updated line matches the following example:
    "C:\certificates\sharepoint\signing_certificate.cer"
    
  5. Locate the second occurrence of the following text:
    <Trusted root authority name>
    
  6. Replace the previous text with a friendly name for the new trusted root authority in SharePoint. For example, if the name you want is SPSigningAuth, the updated line matches the following example:
    "SPSigningAuth"
    
  7. Locate the following text:
    "<Name of the trusted identity provider>"
    
  8. Replace the previous text with the name of your SharePoint realm (the realm name follows $realm = in the PowerShell script). For example, if the name of your SharePoint realm is $realm="urn:moss2010-wsfed1-casm", the updated line could match the following example:
    "moss2010-wsfed1-casm"
    
  9. Locate the following text:
    "<Description for the Trusted Identity Provider>"
    
  10. Replace the previous text with a description for your trusted identity provider. For example, if you want to describe the trusted identity provider as "SiteMinder Provider", the updated line could match the following example:
    "SiteMinder Provider"
    

    Note: The LDAP directory and Active Directory charts contain additional examples of possible names.

  11. Save your changes and close your text editor.

    The PowerShell script is modified.

  12. Create a trusted identity provider.
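The following is an added example, not the script shipped with the product, showing what the relevant part of the modified script looks like after the steps above, together with two checks a practitioner should make before registering a certificate that is meant to chain to a trusted CA. The realm, file path, friendly name, provider name and description are the values used in the steps above; the claim mapping, the sign-in URL, the expected thumbprint and the variable names are assumptions for illustration. The SharePoint cmdlets used (New-SPTrustedRootAuthority, New-SPClaimTypeMapping, New-SPTrustedIdentityTokenIssuer) are standard SharePoint 2010 cmdlets.

```powershell
# Added example (not the page's own script). Run from the SharePoint 2010
# Management Shell or after loading the SharePoint snap-in.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$realm = "urn:moss2010-wsfed1-casm"                                  # realm from the steps above
$signingCertPath = "C:\certificates\sharepoint\signing_certificate.cer" # path from step 4

# Step 2: root authority registration is commented out because the signing
# certificate is issued by a CA the SharePoint server already trusts.
#$rootcert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("<full path to Root certificate file>")
#New-SPTrustedRootAuthority -Name "<Trusted root authority name>" -Certificate $rootcert

# Steps 3 and 4: load the token-signing certificate from the .cer file.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($signingCertPath)

# Check 1 (assumed thumbprint, replace with the value the SiteMinder
# administrator published out of band): make sure the file you were handed
# is the certificate you expect before SharePoint starts trusting tokens
# signed with it. -ne is case-insensitive, so hex case does not matter.
$expectedThumbprint = "0000000000000000000000000000000000000000"
if ($cert.Thumbprint -ne $expectedThumbprint) {
    throw "Signing certificate thumbprint $($cert.Thumbprint) does not match the expected value."
}

# Check 2: confirm the certificate really chains to a CA this server trusts.
# If this fails, this procedure does not apply; use the self-signed
# (un-trusted) procedure and register the root certificate instead.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $status = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join "; "
    throw "Signing certificate does not chain to a trusted CA: $status"
}

# Steps 5 and 6: register the signing certificate under the friendly name.
New-SPTrustedRootAuthority -Name "SPSigningAuth" -Certificate $cert

# Assumed claim mapping: use the e-mail address claim as the identifier claim.
$emailClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$map = New-SPClaimTypeMapping -IncomingClaimType $emailClaim `
                              -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming

# Steps 7 to 10 and step 12: create the trusted identity provider.
# The sign-in URL is an assumed SiteMinder WS-Federation endpoint.
$provider = New-SPTrustedIdentityTokenIssuer -Name "moss2010-wsfed1-casm" `
    -Description "SiteMinder Provider" `
    -Realm $realm `
    -ImportTrustCertificate $cert `
    -ClaimsMappings $map `
    -SignInUrl "https://siteminder.example.com/affwebservices/public/wsfeddispatcher" `
    -IdentifierClaim $map.InputClaimType

$provider | Format-List Name, Description, DefaultProviderRealm, IdentityClaimTypeInformation
```

The two checks matter because New-SPTrustedRootAuthority and -ImportTrustCertificate do not themselves validate the chain: SharePoint will accept tokens signed by whatever certificate you register. Failing the chain check is the signal that you are on the wrong procedure (the self-signed variant), not something to work around.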