This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 21%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
My SSL certificates for my SharePoint sites are expiring. It's a gov org that issues these. They are refusing to issue new ones. So my boss and I plan on using self signed certs. Importing the self signed certs on the client side into the "stores" has made no difference.
The problem with the self signed certs is that they use the host name rather than a friendly URL. I had no luck with SAN self signed certs, instructions didn't match the options that I saw and they seem really step intensive to do.
The problem with going to a host name based cert, if the users hit the normal friendly URL, it throws a warning error. So we'd have to change their home page to the host name URL. Of course the problem with that is the links, InfoPath forms, all of that will direct to the old friendly URL that will now be expired. So we either update all of those or use AAM so that when people try to go to the old friendly URL that now has expired SSL certs, it redirects them to the host name with the self signed SSL cert.
Can I use Alternate Access Mappings to get around this? If so how?
If you're using Self-Signed Certs, there's no reason you cannot generate one for an FQDN. The example for New-SelfSignedCertificate shows how to do this:
Using an AAM has other complicated factors, such as if a URL was hardcoded with the FQDN, the content would not render, or SharePoint Alerts will use the default AAM they were set up on, etc.
The solution here is to fix the existing certificate by replacing it (self signed or otherwise) with the same FQDN.
That looks like the solution I needed, you're a freaking Genius Trevor! I haven't tried the steps yet, was able to get the other method working NOT using AAM, but this would be more ideal if I can create a cert myself that uses the same URL the issued one uses...
I want to to this on the server? Then export to each WFE? Also, will this conflict with the existing SSL cert using the same URL in the cert store in anyway?
The New-SelfSignedCertificate commandlet is only available in Windows Server 2012 apparently, commandlet is not recognized on 2008 R2.
You can do it on any machine (even your Win 10 desktop) and export the result with the private key to each SharePoint Server, importing it to the Local Computer Personal store.