Hey there. The Finn here with another little quick update. This time on Windows Admin Center and certificates.
You are using Windows Admin Center, right? It’s good stuff. You like good stuff, right?
Self-signed is the default option, but man is that an ugly way to go.
Here is how you update your Windows Admin Center certificate without any third party tool.
Open up Powershell, run dir cert:\localmachine\my to get a list of installed certificates.
Copy the thumbprint for the certificate you want to use.
Then we will check for the application ID that WAC uses and the port it is bound to (Default is 6515) with netsh http show sslcert
Once we have the new thumbprint and the appid, we can go ahead and delete the existing certificate binding, again with netsh http delete sslcert=0.0.0.0:6515 (or the port you are using)
An finally we can bind the new certificate to the WAC port.
And that is all there is to it. However… I saw a retweet from my MVP friend Andy Syrewicze who linked to a colleague of his who wrote a little handy tool that does this switch-a-roo as well.
You can find that tool here: https://etechgoodness.wordpress.com/2019/02/28/announcing-windows-admin-center-certificate-selector/