To rotate certificates on machines created from the Dynamics 365 for Finance and Operations downloadable VHD, complete the following steps for each certificate. Sample PowerShell scripts are provided where applicable.
-
Identify which certificates will expire in the next two months.
Get-ChildItem -path Cert:\LocalMachine\My | Where {$_.NotAfter -lt $(get-date).AddMonths(2)} | Sort NotAfter | Format-Table Subject, Thumbprint, NotAfter
-
Record the thumbprint of the certificate that needs to be replaced. You will need this in the next step.
-
Obtain a new certificate for the expired certificate.
Set-Location -Path "cert:\LocalMachine\My" $OldCert = (Get-ChildItem -Path ) New-SelfSignedCertificate -CloneCert $OldCert
Note: The thumbprint must be entered without spaces. For more information and an example, see the New-SelfSignedCertificate Powershell documentation.
- Find and replace all references to the thumbprint of the expired certificate with the thumbprint of the newly created certificate in the configuration files below. These files can be found under C:\AOSService\webroot.
- web.config
- wif.config
- wif.services.config
-
Restart the IIS.
iisreset