How to Modify the Workflow Manager certificates before they expire using Auto Generated Certificates?

In the previous post, “How to Modify the Workflow Manager certificates before they expire?”, we showed how to change the Workflow Manager certificates using certificates issued by your domain certificate authority. But what if you initially configured Workflow Manager with self-signed (auto-generated) certificates and want to keep it that way?

You first need to install the following updates; otherwise the PowerShell commands used below will not be available.

Apply WFM Client 1.0 CU4 – KB4019220 https://www.microsoft.com/en-us/download/details.aspx?id=55643

Apply Workflow Manager 1.0 Cumulative Update 5 from Web Platform Installer to all WFM nodes, or download it from the link below: https://go.microsoft.com/fwlink/?linkid=866037&clcid=0x409

Run the following Workflow Manager PowerShell commands to change the passphrase and thumbprints:

$CertKey = ConvertTo-SecureString 'PASSPHRASE' -AsPlainText -Force

Set-WFCertificateAutoGenerationKey -Key $CertKey

Set-SBCertificateAutoGenerationKey -Key $CertKey

Then run:

Stop-SBFarm

Update-SBHost

  • Run the Workflow Manager Configuration Wizard: leave the WFM farm first and then rejoin the WFM farm
  • Export the WFM client certificate using the command below from Workflow Manager PowerShell:

Get-WFAutoGeneratedCA

  • The above command creates the “AutoGeneratedCA.cer” file in the path where the command was executed (default: C:\Program Files\WorkFlow Manager\1.0)
  • Copy the “AutoGeneratedCA.cer” file to all SP nodes and Web Front Ends, and install the certificate to the Trusted Root Certification Authorities certificate store
  • Reset IIS on the WFEs after importing the certificate
  • Register WFM to SharePoint

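Sample command (the -AllowOAuthHttp switch is needed here because the sample endpoints use http:// rather than https://):

Register-SPWorkflowService -SPSite "http://FQDN" -WorkflowHostUri "http://FQDN:12291" -AllowOAuthHttp -Force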

  • From SharePoint Central Admin, run daily timer “Refresh Trusted Security Token Services Metadata feed [Farm job – Daily]”
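
The copy-and-install step above can be scripted so that every SharePoint node ends up trusting the same certificate. The following is an added example, not part of the original post: the function name, the C:\Temp path and the 60-day warning threshold are assumptions, and it must be run from an elevated PowerShell session on each SP node and WFE.

```powershell
# Added example: run elevated on each SharePoint server after copying the file.
# Assumption: the exported file was copied to C:\Temp\AutoGeneratedCA.cer (hypothetical path).
function Install-WfmAutoGeneratedCA {      # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $WarnDays = 60               # constructed threshold for the expiry warning
    )

    # Load the certificate from disk without touching any store yet.
    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Only a self-issued, unexpired certificate belongs in Trusted Root; refuse anything else.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Not self-issued: Subject '$($cert.Subject)' / Issuer '$($cert.Issuer)'"
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($cert.NotAfter)"
    }

    # Import only when this exact thumbprint is missing from LocalMachine\Root.
    $storePath = 'Cert:\LocalMachine\Root'
    $existing = Get-ChildItem $storePath | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $existing) {
        Import-Certificate -FilePath $file -CertStoreLocation $storePath | Out-Null
    }

    # Other trusted roots with the same subject, if any, are candidates for review and cleanup.
    $stale = Get-ChildItem $storePath |
        Where-Object { $_.Subject -eq $cert.Subject -and $_.Thumbprint -ne $cert.Thumbprint }

    # Report what is now trusted so the thumbprint can be compared across nodes.
    $installed = Get-ChildItem $storePath | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        InTrustedRoot    = [bool]$installed
        ExpiresSoon      = ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays))
        StaleThumbprints = @($stale | ForEach-Object { $_.Thumbprint })
    }
}

Install-WfmAutoGeneratedCA -Path 'C:\Temp\AutoGeneratedCA.cer'
```

The Thumbprint value should be identical on every node; a mismatch means a node received a different or older export of AutoGeneratedCA.cer.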