Renew the Provider Hosted App Certificate

Rohit Dixit 1 Reputation point

Hi Team,

I have to renew the cert file for PHA for Sp2013 environment. Kindly confirm my steps:

1- Get the Cert file and update in all PHA server

2- Same cert file will be provided to SharePoint team

3- SharePoint team will run the below command:

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Scripts\")

$spt = Get-SPTrustedSecurityTokenIssuer

$spt[0].SigningCertificate = $cert


Please check and conform. Also let me know if any further steps need to be added. Also the PowerShell script If you have in your system for the same.

SharePoint Server
SharePoint Server
A family of Microsoft on-premises document management and storage systems.
2,296 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,798 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,893 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 33,641 Reputation points Microsoft Vendor

    Hi @Rohit Dixit,

    To renew the certificate file for a SharePoint 2013 environment using PowerShell, you can follow these steps:

    1.Open the SharePoint Management Shell with administrative privileges.

    2.Obtain or generate a new SSL certificate that meets the requirements for your SharePoint 2013 environment. This typically involves generating a certificate signing request (CSR) and submitting it to a trusted certificate authority (CA). Make sure to include the appropriate subject alternative names (SANs) if necessary.

    3.Import the renewed certificate into the appropriate certificate store on the SharePoint server. Use the following PowerShell command to import the certificate:

    $certificateFilePath = "C:\Path\to\RenewedCertificate.pfx"
    $certificatePassword = ConvertTo-SecureString -String "CertificatePassword" -AsPlainText -Force
    $certificate = Import-PfxCertificate -FilePath $certificateFilePath -Password $certificatePassword -CertStoreLocation Cert:\LocalMachine\My

    4.Bind the renewed certificate to the SharePoint web application. Use the following PowerShell command to assign the renewed certificate to the web application:

    $webApp = Get-SPWebApplication -Identity "http://YourWebApplicationURL"
    $certificate = Get-Item -Path "Cert:\LocalMachine\My\{Thumbprint}"

    Restart Internet Information Services (IIS) on the SharePoint server to apply the changes:

    iisreset /noforce

    After completing these steps, the renewed certificate should be bound to the SharePoint web application, and the IIS bindings should be updated. You can verify the certificate renewal by accessing the SharePoint site using HTTPS and checking the certificate details in the browser.

    Here is a nice article for more details

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.