
Update Certificate in Knowledge Center/Tridion Docs - Content Manager/Architect 12.x/13.x/14.x

Article Type: Solution Article
Scope/Environment: Knowledge Center Content Manager / Architect 12.x/13.x/14.x
Symptoms/Context
When a server certificate is changed or renewed, you can no longer log in to Architect/Content Manager. Several errors related to an untrusted certificate are displayed. When a server certificate is renewed, its thumbprint changes. When a new certificate is used, both the thumbprint and the subject name are new. Architect/Content Manager is configured to look for the old certificate; once that certificate is renewed it no longer matches the configuration, and an error is thrown.
Resolution
  1. Make a backup of the following files:
    • a. C:\InfoShare\Web\Author\ASP\web.config
    • b. C:\InfoShare\Web\InfoShareWS\web.config
    • c. C:\InfoShare\Web\InfoShareSTS\Configuration\infoShareSTS.config 
    • d. C:\InfoShare\Web\InfoShareCS\web.config (TD14+ Only)
  2. In the config files, replace the old thumbprint with the thumbprint of the renewed certificate.
    1. Open Internet Information Services (IIS)
    2. Open Server Certificates
    3. Locate the renewed Certificate and open it
    4. Go to the Details tab > locate the Thumbprint value > copy the value. The copied value has a control character at the beginning; to make sure you have not copied it, paste the value into a cmd prompt window first. It should not have a "?" at the beginning.
    5. Update the web.config files from steps 1a and 1b (the thumbprint occurs twice in each of these files) with the new thumbprint value. ***Note: the thumbprint value has a control character as its first character; the best way to identify it is to paste the thumbprint into a cmd prompt.
    6. Update the infoShareSTS.config from step 1c with the new thumbprint value.
  3. Open Component Services > Computers > My Computer > COM+ Applications and shut down "Trisoft-Infoshare-Author"
  4. Open Internet Information Services and stop:
    1. TrisoftAppPoolInfoShareAuthor (TrisoftAppPoolISHCM TD13+)
    2. TrisoftAppPoolInfoShareSTS (TrisoftAppPoolISHSTS TD13+)
    3. TrisoftAppPoolInfoShareWS (TrisoftAppPoolISHWS TD13+)
    4. TrisoftAppPoolISHCS (TD14+ Only)
  5. Rename C:\InfoShare\Web\InfoShareSTS\App_Data\IdentityServerConfiguration-2.1.sdf to, for example, C:\InfoShare\Web\InfoShareSTS\App_Data\IdentityServerConfiguration-2.1.sdf.previous
  6. Open the component services and start Trisoft-Infoshare-Author
  7. Open Internet Information Services and start
    1. TrisoftAppPoolInfoShareAuthor (TrisoftAppPoolISHCM TD13+)
    2. TrisoftAppPoolInfoShareSTS (TrisoftAppPoolISHSTS TD13+)
    3. TrisoftAppPoolInfoShareWS (TrisoftAppPoolISHWS TD13+)
    4. TrisoftAppPoolISHCS (TD14+ Only)
  8. Log in to the web UI. A new IdentityServerConfiguration-2.1.sdf file should be created containing the correct values of the new certificate's thumbprint and subject name.

    If the SDF file is not recreated, close the browser entirely, remove cookies and session data, and go to the IIS page.

    *** Note: if Content Delivery is involved, re-check the relying party, as it is stored in the SDF file. ***
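
Steps 1 and 2 of the procedure above, as an added PowerShell example (not part of the original article or of the product's tooling): it strips the hidden leading character from the pasted thumbprint, confirms the renewed certificate is in the store, backs up each file and swaps the thumbprint. Assumptions: the certificate is in Cert:\LocalMachine\My, the config files are UTF-8, and the parameter and function names are illustrative.

```powershell
# Added example; run in an elevated PowerShell session on the server.
param(
    [Parameter(Mandatory)] [string] $OldThumbprint,  # value currently in the config files
    [Parameter(Mandatory)] [string] $NewThumbprint   # value pasted from the Details tab
)

# Files the procedure updates in steps 2.5 and 2.6 (items 1a, 1b and 1c).
$configFiles = @(
    'C:\InfoShare\Web\Author\ASP\web.config',
    'C:\InfoShare\Web\InfoShareWS\web.config',
    'C:\InfoShare\Web\InfoShareSTS\Configuration\infoShareSTS.config'
)

function ConvertTo-CleanThumbprint([string] $Value) {
    # Keep hex digits only: this drops spaces and the invisible leading
    # character that the certificate dialog places on the clipboard.
    $clean = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

$old = ConvertTo-CleanThumbprint $OldThumbprint
$new = ConvertTo-CleanThumbprint $NewThumbprint

# Assumption: the renewed certificate is in the local machine Personal store.
if (-not (Test-Path "Cert:\LocalMachine\My\$new")) {
    throw "No certificate with thumbprint $new in Cert:\LocalMachine\My."
}

foreach ($file in ($configFiles | Where-Object { Test-Path -LiteralPath $_ })) {
    $text = Get-Content -LiteralPath $file -Raw
    $hits = [regex]::Matches($text, [regex]::Escape($old), 'IgnoreCase').Count
    if ($hits -eq 0) { Write-Warning "$file : old thumbprint not found"; continue }

    # Timestamped backup next to the original (step 1), then replace (step 2).
    Copy-Item -LiteralPath $file -Destination "$file.bak-$(Get-Date -Format yyyyMMddHHmmss)"
    $updated = [regex]::Replace($text, [regex]::Escape($old), $new, 'IgnoreCase')
    Set-Content -LiteralPath $file -Value $updated -NoNewline -Encoding UTF8  # assumes UTF-8 configs
    Write-Output "$file : replaced $hits occurrence(s)"
}
```

The reported count for the two web.config files should match the two occurrences the procedure mentions; a different number is a reason to inspect the file by hand before restarting the application pools.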

    New certificate (change of subject and Thumbprint)

  1. Execute the above procedure, and in addition:
  2. Open STS Website https://Servername.domain/ISHSTS --> Key Configuration
  3. Update the Signing certificate by selecting it from dropdown.

Binding to Port 443

The HTTPS protocol is secured with a certificate. This certificate can also expire and when it does. 

    1. Open a Remote Desktop Connection to the Architect Server
    2. Open Internet Information Services
    3. Expand <Computername> > Sites > Default Website
    4. Right click on Default Website and choose Bindings
    5. Select HTTPS and click Edit
    6. Make sure that the correct certificate is selected from the dropdown.  
    • If you have ADFS authentication, make sure to update the relying parties for ISHWS so that the client tools can connect successfully.
Root Cause
Old Certificate expires