Administrator Guide
g In the Password and Conrm Password boxes, type a password. This password must match the password that was used to
protect the private key of the certicates that you want to import.
2 Run the Set-SslCerticate runbook to update to the new trusted certication authority certicate. The SSL certicates must be
provided as .pfx les, and must include a private key protected by a password. The runbook takes the following parameters:
Table 39. Set-SslCerticate Runbook Parameters
Input Parameter Details
ComputerNames You must specify the computer names in JSON format.
• To update the certicates on both VMs, specify:
["<
Prex
>APA01" , "<
Prex
>-APT01"]
• To update the certicates on a single VM, specify:
["<
Prex
>APA01"] or ["<
Prex
>APT01"]
Fileshare The UNC le share that you created in the previous procedure to store the
new .pfx certicates; for example, \\<
Prex
>CON01\ImportCerts.
PFXCredential The name of the PowerShell Credential asset that you created in the rst
step of this procedure; for example, CertImport.
NOTE: Each time that you run the runbook, even if the runbook has a status of Completed, make sure that you check the output
for errors.
Step 6: Secure the shares that you created
You should take steps to secure the shares where you stored the certicate information. Or, alternately, you can remove sharing completely,
if so desired.
You can now:
• Archive these les to a dierent location, or
• Delete the les after conrming that all new certicates are working, that is, administrators and tenants are able to sign in and work in
their Windows Azure Pack management portals.
The shares where you stored certicate information were:
• \\<Prex>CON01\WapCerts
• \\<Prex>CON01\TCAShare
• \\<Prex>CON01\ImportCerts.
Updating certicates about to expire
To update certicates that are about to expire, follow the procedures described in Replacing self-signed certicates with CA-signed
certicates.
Security
133