In my experience, one of the situations that most scares anyone administering a Workflow Manager (WFM) farm is changing or updating the certificates.
In fact, there is no reason for that fear, because the process is pretty straightforward.
See how easy it is.
The first step is to update the Service Bus services. Start a Workflow Manager PowerShell console as an Administrator and run the cmdlets below.
Set-SBCertificate -FarmCertificateThumbprint YourThumbprint -EncryptionCertificateThumbprint YourThumbprint
Stop-SBFarm -Verbose
Update-SBHost
Start-SBFarm
After this step, we need to update the certificates used by the Workflow Manager services. Here $cert is assumed to hold the new certificate object.
Set-WFCertificate -SslCertificateThumbprint $cert.Thumbprint -EncryptionCertificateThumbprint $cert.Thumbprint
Stop-WFHost
Update-WFHost
Start-WFHost
If everything went well, these easy steps should do the trick, but as we all know, that is not always the case.
So, as the next step, we should check the WFM outbound certificate, since that is where we see the most issues. For that, you can follow this process.
First, run the cmdlet below:
Get-WFOutboundCertificate -ServiceURI https://nameofyourserver:12290/
If it still returns the old one, do the following:
Set-WFNextOutboundCertificateReference -ServiceURI https://nameofyourserver:12290/ -Thumbprint yourThumbprint
Now, if you run the Get-WFOutboundCertificate cmdlet, you should get both the old one and the new one.
Now run the following cmdlet to set the new one as the default for the current Workflow Manager farm:
Set-WFNextOutboundCertificateAsCurrent -ServiceURI https://nameofyourserver:12290/
Now, if you run the Get-WFOutboundCertificate cmdlet again, you should get just the new one:
Get-WFOutboundCertificate -ServiceURI https://nameofyourserver:12290/
After these steps, you will probably need to patch things up on the SharePoint side, e.g. if you are using your Workflow Manager farm with your SharePoint portal.
Those extra steps are as below:
- Restart IIS on each of the SharePoint WFEs
- Force the immediate run of the “Refresh Trusted Security Token Services Metadata” timer job
- Add the Workflow Manager Certificate to SharePoint’s trust: https://technet.microsoft.com/en-us/library/jj658589.aspx
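A check worth running before the first Set-SBCertificate and again after Start-WFHost, as an added example that is not part of the original post: it confirms that the new certificate is usable and reports which certificate the WFM endpoint actually serves. The function names are hypothetical, YourThumbprint and nameofyourserver are the post's placeholders, and it assumes the same certificate is used for SSL, as in the cmdlets above.

```powershell
param(
    [string]$Thumbprint = 'YourThumbprint',                  # placeholder from the post
    [uri]$ServiceUri    = 'https://nameofyourserver:12290/'  # placeholder from the post
)

function Test-NewFarmCertificate {
    param([string]$Thumbprint)
    # Strip spaces and hidden characters picked up when a thumbprint is
    # copied from the certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "Certificate $clean not found in LocalMachine\My" }
    $now = Get-Date
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
    if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt $now)  { $problems += "expired on $($cert.NotAfter)" }
    if ($problems) { throw "Certificate ${clean}: $($problems -join '; ')" }
    return $cert
}

function Get-ServedCertificate {
    param([uri]$Uri)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Uri.Host, $Uri.Port)
        # Accept whatever is presented: the handshake is only used to read the
        # certificate, and no request is sent over the connection.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($Uri.Host)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

$new    = Test-NewFarmCertificate -Thumbprint $Thumbprint
$served = Get-ServedCertificate -Uri $ServiceUri
[pscustomobject]@{
    Expected  = $new.Thumbprint
    Served    = $served.Thumbprint
    ServedEnd = $served.NotAfter
    Match     = ($served.Thumbprint -eq $new.Thumbprint)
}
```

Before the rotation, Match is expected to be False; if it is still False after Start-WFHost, the host is still presenting the old certificate.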
Hope that helps
Cheers
This post first appeared on MSDN Blogs.