Recently, despite ensuring the SSL certificates within Internet Information Services (IIS) were updated ahead of their expiry, I fell foul of the hidden certificate within SharePoint 2013’s Security Token Service. In my defence, this is a certificate not mentioned within IIS or the Central Administration site. It’s one of those lovely settings that can only be seen, analysed, and amended via PowerShell commands. Once you know/remember it’s there, it’s relatively straightforward to update.
```powershell
# Run from the SharePoint 2013 Management Shell (or Add-PSSnapin Microsoft.SharePoint.PowerShell first)
$path = "C:\certificate.pfx"
$password = "thepassword"
# 20 = X509KeyStorageFlags Exportable (4) + PersistKeySet (16), so the private key is persisted, not discarded with the object
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path, $password, 20
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $certificate
# certutil -addstore expects a certificate file, not the PowerShell object; export the public part (no private key) to a .cer first
$cerPath = "C:\certificate.cer"
[IO.File]::WriteAllBytes($cerPath, $certificate.Export('Cert'))
certutil -addstore -enterprise -f -v root $cerPath
iisreset
net stop SPTimerV4
net start SPTimerV4
```
See: Replace the STS certificate for the on-premises environment
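Since the whole problem is that the STS signing certificate is invisible in IIS and Central Administration, the useful follow-up is a check that reports it in the same pass as the IIS binding certificates, so it cannot be forgotten again. The script below is an added example, not code from the original post or from Microsoft; it assumes it is run as a farm administrator in the SharePoint 2013 Management Shell with the WebAdministration module available, reads the STS certificate via `(Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate`, and uses an arbitrary 30-day warning threshold (`$WarnDays`). Run it after the replacement above and the new thumbprint should appear on the STS line.

```powershell
# Added example (not from the original post): report expiry of the SharePoint STS
# signing certificate alongside every IIS HTTPS binding certificate on this server.
# Assumptions: SharePoint 2013 Management Shell (or the snap-in loaded below), run as a
# farm administrator; WebAdministration module present; $WarnDays is an arbitrary choice.
param([int]$WarnDays = 30)

if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}
Import-Module WebAdministration

function Get-CertStatus {
    param(
        [string]$Source,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $daysLeft = [int]($Cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Source     = $Source
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        DaysLeft   = $daysLeft
        Status     = if ($daysLeft -lt 0) { 'EXPIRED' }
                     elseif ($daysLeft -le $WarnDays) { 'WARN' }
                     else { 'OK' }
    }
}

$results = @()

# 1. The STS signing certificate: the one that is not shown in IIS or Central Administration.
$sts = Get-SPSecurityTokenServiceConfig
$results += Get-CertStatus -Source 'SharePoint STS signing certificate' `
                           -Cert $sts.LocalLoginProvider.SigningCertificate

# 2. Every HTTPS binding in IIS, resolved to its certificate in the local machine store.
foreach ($binding in Get-WebBinding -Protocol https) {
    if (-not $binding.certificateHash) { continue }
    $storePath = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
    $cert = Get-Item $storePath -ErrorAction SilentlyContinue
    if ($cert) {
        $results += Get-CertStatus -Source "IIS binding $($binding.bindingInformation)" -Cert $cert
    } else {
        Write-Warning "IIS binding $($binding.bindingInformation) references a certificate not found at $storePath"
    }
}

$results | Sort-Object DaysLeft |
    Format-Table Source, Subject, Thumbprint, NotAfter, DaysLeft, Status -AutoSize

# Non-zero exit code so a scheduled task or monitoring job can alert on expiring certificates.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Scheduling this on one server in the farm (the STS configuration is farm-wide, the IIS bindings are per server) gives a single report covering both the visible and the hidden certificate.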