ucready

Change friendly name of an X.509 certificate

Hello everyone!

During my last Office Web App Server deployment I was in a ‘complicated’ situation: The friendly name of the needed X.509 certificate wasn’t defined and so the creation of the new Office Web App Farm wasn’t possible.

TechNet describes the requirements for securing the Office Web App Server Farm (OWA) with HTTPS. OWA identifies its certificate by friendly name, so the friendly name must be defined and unique. You can find the full article for planning and securing the deployment of the Office Web App Server Farm here.

I didn’t want to request a new certificate, so I did some quick research. I found out there are basically two very easy ways to change the friendly name of the certificate:

  1. Using the Microsoft Management Console (MMC) Certificate-SnapIn
  2. Using the ‘certutil.exe’ Command Line Tool

Next, I will briefly describe these two options.

Using the Microsoft Management Console (MMC) Certificate-SnapIn

To change the friendly name this way, follow these steps:

  1. Depending on the certificate store, run ‘certmgr.msc’ (user account) or ‘certlm.msc’ (computer account) with administrative privileges and select the certificate whose friendly name you want to define or change
  2. On the ‘Details-Tab’ click ‘Edit Properties…’
  3. Now you can edit the certificate’s properties like the friendly name:

[Image: change-fn-x509-01]

Using the ‘certutil.exe’ Command Line Tool

The command line tool ‘certutil’ is installed on Windows and Windows Server as part of the Certificate Services. It is an important and powerful tool when working with certificates and certification authorities. You can find detailed documentation of ‘certutil’ and its syntax, verbs and options here.

To change the certificate’s friendly name, follow these steps:

  1. First, locate the certificate whose friendly name you want to change and note its serial number
  2. Next, create an ‘.inf’ file (for example ‘change-friendly-name.inf’) with the following content: [Image: change-fn-x509-02]
  3. Run ‘cmd’ or ‘powershell’ with administrative privileges and run ‘certutil’ with the following parameters:
certutil.exe -repairstore my "{serialnumber}" "change-friendly-name.inf"

If it all works correctly, the output should look like this:

[Image: change-fn-x509-03]

If the certificate is located in the user account store and not in the computer account store, you have to add the parameter ‘-user’:

certutil.exe -repairstore -user my "{serialnumber}" "change-friendly-name.inf"
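
The certutil steps above as one PowerShell script, as an added example that is not part of the original post. The script's parameter names and the temp-file location are assumptions; the INF body uses certutil's property ID 11 (friendly name) with the {text} prefix. The script also checks that the new name is unique in the store, since the farm identifies its certificate by friendly name.

```powershell
# Added example, not the author's script. Parameter names and temp path are assumptions.
param(
    [Parameter(Mandatory)] [string] $SerialNumber,  # serial number of the target certificate
    [Parameter(Mandatory)] [string] $FriendlyName,  # friendly name to set
    [switch] $User                                  # user store instead of computer store
)

$storePath = if ($User) { 'Cert:\CurrentUser\My' } else { 'Cert:\LocalMachine\My' }
$serial    = ($SerialNumber -replace '\s', '').ToUpperInvariant()

# The value is written into a quoted INF string saved as ASCII, so this example
# accepts only printable ASCII and rejects quote and percent characters.
if ($FriendlyName -notmatch '^[\x20-\x7E]+$' -or $FriendlyName -match '["%]') {
    throw 'Friendly name must be printable ASCII without " or %.'
}

# Exactly one certificate must match the serial number.
$target = @(Get-ChildItem $storePath | Where-Object { $_.SerialNumber -eq $serial })
if ($target.Count -ne 1) {
    throw "Expected 1 certificate with serial $serial in $storePath, found $($target.Count)."
}

# The friendly name has to be unique within the store.
$clash = @(Get-ChildItem $storePath | Where-Object {
    $_.FriendlyName -eq $FriendlyName -and $_.Thumbprint -ne $target[0].Thumbprint })
if ($clash.Count -gt 0) { throw "'$FriendlyName' is already used by $($clash[0].Thumbprint)." }

# Property 11 is the friendly-name property; {text} marks the value as a string.
$inf = Join-Path $env:TEMP 'change-friendly-name.inf'
@"
[Version]
Signature = "`$Windows NT`$"

[Properties]
11 = "{text}$FriendlyName"
"@ | Set-Content -Path $inf -Encoding ASCII

try {
    $certutilArgs = @('-repairstore')
    if ($User) { $certutilArgs += '-user' }
    $certutilArgs += @('my', $serial, $inf)
    & certutil.exe @certutilArgs
    if ($LASTEXITCODE -ne 0) { throw "certutil exited with code $LASTEXITCODE." }
}
finally { Remove-Item $inf -ErrorAction SilentlyContinue }

# Re-read the store to confirm the property was written.
$after = Get-ChildItem $storePath | Where-Object { $_.Thumbprint -eq $target[0].Thumbprint }
if ($after.FriendlyName -ne $FriendlyName) { throw 'Friendly name was not updated.' }
'{0}  {1}' -f $after.Thumbprint, $after.FriendlyName
```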

Eric

My name is Eric Schöne. I’m working as a system engineer at T-Systems Multimedia Solutions GmbH in Germany. My focuses are Microsoft Cloud Services, Unified Communications and Infrastructure.