This was a internal request from support team to quickly fix the certificate expire issue. I would like to post it here in case you need it. Please note this should only apply to your Dev VHD, and strongly recommand you create a checkpoint before proceed.
One Script for all steps(renew certificate,grant permission, replace in config, reset iis and batch)
Function Update-Thumberprint
{
Set-Location -Path "cert:LocalMachineMy"
$oldCerts = Get-childitem | where { $_.subject -match "DeploymentsOnebox" -or $_.Subject -match "MicrosoftDynamicsAXDSCEncryptionCert"}
$ConfigFiles =
@("C:AOSServicewebrootweb.config",
"C:AOSServicewebrootwif.config",
"C:AOSServicewebrootwif.services.config",
"C:FinancialReportingServerApplicationServiceweb.config",
"C:RetailServerwebrootweb.config"
)
foreach ($oldCert in $oldCerts)
{
$newCert = New-SelfSignedCertificate -CloneCert $oldCert
#consider to delete the old cert
$keyPath = Join-Path -Path $env:ProgramData -ChildPath "MicrosoftCryptoRSAMachineKeys"
$keyName = $newCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName
$aclByKey = (Get-Item $keyFullPath).GetAccessControl('Access')
$permission = "EveryOne","Read", "Allow"
$accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission
$aclByKey.SetAccessRule($accessRule)
Set-Acl -Path $keyFullPath -AclObject $aclByKey -ErrorAction Stop
foreach($configFile in $ConfigFiles)
{
(Get-Content -Path $configFile).Replace($oldCert.Thumbprint,$newCert.Thumbprint) | Set-Content $configFile
}
}
}
Update-Thumberprint
iisreset
Restart-Service "DynamicsAxBatch"
Please copy all the script and run in powershell via administrator previligge.
Each time you run this script, it will create a new set of certificates. So do not repeat it.
Hope it helps.
This post first appeared on MSDN Blogs | Get The Latest Information, Insights, Announcements, And News From Microsoft Experts And Developers In The MSDN Blogs., please read the originial post: here