Changing my Workflow Manager Farm Certificates
In my experience, one of the situations that most scares anyone administering a WFM farm is changing or updating the certificates.
In fact, there is no reason for that fear because the process is pretty much straightforward.
See how easy it is.
So, the first step should be updating the Service Bus services. For that, start a Workflow Manager PowerShell console as an Administrator and run the cmdlets below.
Set-SBCertificate -FarmCertificateThumbprint YourThumbprint -EncryptionCertificateThumbprint YourThumbprint
Stop-SBFarm -Verbose
Update-SBHost
Start-SBFarm
After this step, we need to update the certificates related to the Workflow Manager services:
Set-WFCertificate -SslCertificateThumbprint YourThumbprint -EncryptionCertificateThumbprint YourThumbprint
Stop-WFHost
Update-WFHost
Start-WFHost
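A pre-flight check worth running on each node before passing a thumbprint to Set-SBCertificate and Set-WFCertificate. This is an added example, not part of the original post. The function name Test-FarmCertificate and the 30-day threshold are hypothetical, and it assumes the new certificate is installed in Cert:\LocalMachine\My.

```powershell
# Added example: validate the new certificate before changing the farm configuration.
# Assumption: the certificate lives in Cert:\LocalMachine\My on this node.
function Test-FarmCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [int] $MinDaysValid = 30   # hypothetical threshold, adjust to your policy
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible left-to-right mark; keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = @()

    if ($clean.Length -ne 40) {
        $problems += "Thumbprint has $($clean.Length) hex digits, expected 40."
    }

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1

    $subject = $null
    if (-not $cert) {
        $problems += "No certificate with thumbprint '$clean' in Cert:\LocalMachine\My."
    }
    else {
        $subject = $cert.Subject
        $now = Get-Date
        # Without the private key the services cannot use the certificate.
        if (-not $cert.HasPrivateKey) { $problems += 'Private key is missing on this node.' }
        if ($cert.NotBefore -gt $now) { $problems += "Not valid before $($cert.NotBefore)." }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $problems += "Expires $($cert.NotAfter), inside the $MinDaysValid-day margin."
        }
    }

    # One object per check, so results from several nodes can be compared.
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Thumbprint = $clean
        Subject    = $subject
        Ready      = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Replace the placeholder with the thumbprint you intend to use.
Test-FarmCertificate -Thumbprint 'YourThumbprint' | Format-List
```

Use the cleaned Thumbprint value from the output in the Set-* cmdlets only when Ready is True on every node.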
If everything went well, these easy steps should do the trick, but as we all know, that is not always the case.
So, as the next step, we should check the WFM outbound certificate, since that is where we see the most issues. For that, you can follow this process.
First, run the cmdlet below:
Get-WFOutboundCertificate -ServiceURI https://nameofyourserver:12290/
If it still returns the old one, do the following:
Set-WFNextOutboundCertificateReference -ServiceURI https://nameofyourserver:12290/ -Thumbprint yourThumbprint
Now, if you run the Get-WFOutboundCertificate cmdlet, you should get both the old one and the new one.
Now run the following cmdlet to define the new one as the default for the current Workflow Manager farm:
Set-WFNextOutboundCertificateAsCurrent -ServiceURI https://nameofyourserver:12290/
Now, if you run the Get-WFOutboundCertificate cmdlet again, you should get just the new one:
Get-WFOutboundCertificate -ServiceURI https://nameofyourserver:12290/
After these steps, you will probably need to patch things up on the SharePoint side, e.g. if you are using your Workflow Manager farm with your SharePoint portal.
Those extra steps would be as below:
- Restart IIS on each of the SharePoint WFEs
- Force an immediate run of the "Refresh Trusted Security Token Services Metadata" timer job
- Add the Workflow Manager Certificate to SharePoint’s trust: https://technet.microsoft.com/en-us/library/jj658589.aspx
Hope that helps
Cheers