I ran into the situation where someone created and applied a certificate in IIS and the friendlyName was wrong. During automatic deployments of the software, they would call into the cert store and select the certificate to use for their 443 bindings based on the friendly name. The certificate was named wrong and wouldn’t get applied during deployment or it would apply the wrong one.
Here is how to fix this using PowerShell without re-issuing the certificate.
Open up PowerShell with administrative rights and change your location to the certificate store.
We will select the certificate by its thumbprint and change its friendly name from wrong_internal_wildcard to right_internal_wildcard.
```
PS C:\Users\ed> set-location cert:
PS Cert:\> cd .\localmachine\My
PS Cert:\localmachine\My> Get-ChildItem

   PSParentPath: Microsoft.PowerShell.Security\Certificate::localmachine\My

Thumbprint                                Subject
----------                                -------
EC1D0A14FA9BAD91DA24B9F87ECBCDB63E9D6F6A
E09D1799FC7F5791797EC39ED75A90345D1EE080  CN=IssuingCA, DC=domain, DC=com
A0102DDEFE92D57E8136B150F1DAEC4DA628B2AD  CN=AnotherCA, DC=domain, DC=com
8F5A004D9F831A9EA18374C3367796F6075AA578  CN=*.domain.com, O=company, L=city, S=state, C=US

PS Cert:\localmachine\My> $cert = Get-ChildItem 8F5A004D9F831A9EA18374C3367796F6075AA578
PS Cert:\localmachine\My> $cert.FriendlyName
wrong_internal_wildcard
PS Cert:\localmachine\My> $cert.FriendlyName = "right_internal_wildcard"
PS Cert:\localmachine\My> $cert.FriendlyName
right_internal_wildcard
```
In the above example, I have done the following:
- Opened PowerShell
- Set-Location to the certificate store by typing Set-Location cert:
- Listed out the certs by typing Get-ChildItem
- Located the cert I wanted to change the friendly name of
- Put that cert in a variable so I could view its properties
- Verified that the cert is the right one by typing $cert.FriendlyName
- Then changed the friendly name by typing $cert.FriendlyName = "right_internal_wildcard"
- Lastly, I verified the cert friendly name by typing $cert.FriendlyName
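
The same steps as a reusable function, with one check the interactive session does not make: because the deployment selects the binding certificate by friendly name, the new name must not already be used by another certificate in the store. This is an added example, not code from the original post; the function name Set-CertFriendlyName and its parameters are assumptions, and the thumbprint in the sample call is the one from the session above.

```powershell
#Requires -RunAsAdministrator
# Added example: rename a certificate's friendly name by thumbprint and
# confirm the new name is unique in the store. Function name is hypothetical.
function Set-CertFriendlyName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{40}$')][string]$Thumbprint,
        [Parameter(Mandatory)][string]$NewName,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    # Select by thumbprint, which identifies exactly one certificate.
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in $StorePath"
    }

    # A deployment that selects by friendly name needs that name to be unique.
    $clash = Get-ChildItem -Path $StorePath |
        Where-Object { $_.FriendlyName -eq $NewName -and $_.Thumbprint -ne $Thumbprint }
    if ($clash) {
        throw "Friendly name '$NewName' is already used by $($clash.Thumbprint -join ', ')"
    }

    # An HTTPS binding needs the private key and an unexpired certificate.
    if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no private key' }
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Certificate expired $($cert.NotAfter)" }

    if ($PSCmdlet.ShouldProcess($cert.Subject, "Set FriendlyName to '$NewName'")) {
        $old = $cert.FriendlyName
        $cert.FriendlyName = $NewName
        # Re-read from the store to confirm the change persisted.
        $check = Get-ChildItem -Path "$StorePath\$Thumbprint"
        [pscustomobject]@{
            Thumbprint = $check.Thumbprint
            Subject    = $check.Subject
            OldName    = $old
            NewName    = $check.FriendlyName
        }
    }
}

# -WhatIf reports what would change without modifying the certificate.
Set-CertFriendlyName -Thumbprint '8F5A004D9F831A9EA18374C3367796F6075AA578' -NewName 'right_internal_wildcard' -WhatIf
```

Drop -WhatIf to apply the change; the returned object records the old and new names for the deployment log.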