Renew-SPCertificate
Renews a certificate and creates a new certificate signing request.
Syntax
Renew-SPCertificate
[-Identity] <SPServerCertificatePipeBind>
-FriendlyName <String>
[-CommonName <String>]
[-AlternativeNames <String[]>]
[-OrganizationalUnit <String>]
[-Organization <String>]
[-Locality <String>]
[-State <String>]
[-Country <String>]
[-Exportable]
[-HashAlgorithm <String>]
[-Path <String>]
[-Force]
[-AssignmentCollection <SPAssignmentCollection>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Renew-SPCertificate
[-Identity] <SPServerCertificatePipeBind>
-FriendlyName <String>
[-CommonName <String>]
[-AlternativeNames <String[]>]
[-OrganizationalUnit <String>]
[-Organization <String>]
[-Locality <String>]
[-State <String>]
[-Country <String>]
[-Exportable]
[-KeySize <Int32>]
[-HashAlgorithm <String>]
[-Path <String>]
[-Force]
[-AssignmentCollection <SPAssignmentCollection>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Renew-SPCertificate
[-Identity] <SPServerCertificatePipeBind>
-FriendlyName <String>
[-CommonName <String>]
[-AlternativeNames <String[]>]
[-OrganizationalUnit <String>]
[-Organization <String>]
[-Locality <String>]
[-State <String>]
[-Country <String>]
[-Exportable]
[-EllipticCurve <EllipticCurveType>]
[-HashAlgorithm <String>]
[-Path <String>]
[-Force]
[-AssignmentCollection <SPAssignmentCollection>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
SharePoint supports renewing SSL certificates via the Renew-SPCertificate PowerShell cmdlet. This creates a new certificate signing request based on the properties of an existing certificate and is the first step in a three-step process to renew an SSL certificate.
Once an SSL certificate request is created via the operation, the SharePoint administrator must submit the certificate request to their SSL certificate authority. The SSL certificate authority will then generate a signed certificate based on the request and return it to the SharePoint administrator. The SharePoint administrator must then import the certificate provided by the SSL certificate authority into SharePoint. SharePoint will then pair the imported certificate with the private key generated by the certificate request operation. The certificate is then ready to be used by SharePoint.
When you import a certificate as part of a certificate renewal operation, you can specify the Replace switch parameter with the Import-SPCertificate cmdlet. This tells SharePoint to automatically replace the certificate assignments of the certificate being renewed with the new certificate.
Examples
------------EXAMPLE-----------
Renew-SPCertificate -Identity "Sites Certificate (2020)" -FriendlyName "Sites Certificate (2021)" -Exportable -Path "\\server\fileshare\Team Sites Certificate Signing Request.txt"
This example renews a certificate and creates a certificate signing request.
Parameters
-AlternativeNames
Additional DNS domain names or IP addresses that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AssignmentCollection
Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the SPAssignment object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.
When the Global parameter is used, all objects are contained in the global store. If objects are not immediately used, or disposed of by using the Stop-SPAssignment command, an out-of-memory scenario can occur.
Type: | SPAssignmentCollection |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-CommonName
The primary DNS domain name or IP address that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Country
The 2 letter country code where your organization is legally located. This must be an ISO 3166-1 alpha-2 country code. If this parameter is not specified, the default country of the farm will be used.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EllipticCurve
Specifies to use the elliptic curve cryptography key algorithm for your certificate, and the elliptic curve of your public and private ECC keys.
Larger elliptic curves provide more cryptographic strength than smaller elliptic curves, but they're also more computationally expensive and take more time to complete the SSL/TLS connection. Select nistP256 if you're unsure which elliptic curve to use. Elliptic curves larger than nistP384 are not recommended.
If neither this parameter nor the KeySize parameter is specified, the default key algorithm and key size / elliptic curve of the farm will be used.
Type: | EllipticCurveType |
Accepted values: | Default, nistP256, nistP384, nistP521 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Exportable
Specifies whether the private key of the certificate may be exported. If this parameter isn't specified, the private key of certificate deployed to the Windows Certificate Store on each server in the SharePoint farm will not be exportable, and SharePoint will not allow you to export the private key from within the SharePoint administration interface.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Specifies to overwrite a file if it already exists at the specified path.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FriendlyName
The friendly name for the certificate. This name can be used to help you remember the purpose of this certificate. The friendly name will only be visible to SharePoint farm administrators, not to end users.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-HashAlgorithm
Specifies the hash algorithm of your certificate signature, which your certificate authority will use to verify that your certificate request hasn't been tampered with.
Larger hash algorithms provide more cryptographic strength than smaller hash algorithms, but they're also more computationally expensive. Select SHA256 if you're unsure which hash algorithm to use. Hash algorithms larger than SHA384 are not recommended.
If this parameter is not specified, the default hash algorithm of the farm will be used.
Type: | String |
Accepted values: | Default, SHA256, SHA384, SHA512 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identity
The certificate to be renewed.
Type: | SPServerCertificatePipeBind |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeySize
Specifies to use the RSA key algorithm for your certificate, and the size of your public and private RSA keys in bits.
Larger key sizes provide more cryptographic strength than smaller key sizes, but they're also more computationally expensive and take more time to complete the SSL/TLS connection. Select 2048 if you're unsure which key size to use. Key sizes larger than 4096 are not recommended.
If neither this parameter nor the EllipticCurve parameter is specified, the default key algorithm and key size / elliptic curve of the farm will be used.
Type: | Int32 |
Accepted values: | 0, 2048, 4096, 8192, 16384 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Locality
The name of the city or locality where your organization is legally located. Do not abbreviate the name. If this parameter is not specified, the default locality of the farm will be used.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Organization
The legally registered name of your organization or company. If this parameter is not specified, the default organization of the farm will be used.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OrganizationalUnit
The name of your department within your organization or company. If this parameter is not specified, the default organizational unit of the farm will be used.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Path
The path to the certificate signing request file that will be generated.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-State
The name of the state or province where your organization is legally located. Do not abbreviate the name. If this parameter is not specified, the default state of the farm will be used.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |