How To: Update Signing cert used with OWA

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version affected: All
    When your signing cert needs replacing, the OWA config will need updating to accept the new cert
    Expiring Certificate

    1. Install the Certificate into the Local Computer personal store on the IdP(s) for more info on this part see here

    2. Right Click on the Certificate and select All Tasks | Manage Private Keys

    3. Give Authenticated Users and Network Service a minimum of read permissions to the cert

    4. In IIS click on the Default WebSite and Click Bindings. Edit the 443 binding and select the new Cert

    5. Open the SecureAuth Admin Console

    6. Click the OWA realm | Post Auth tab

    7. Scroll down and select the new certificate as the Signing Cert and click Save

    8. Get the certificate “Thumbprint” from the new signing certificate into the Outlook Web application. Open the SecureAuth signing certificate, click on the Details tab, scroll to the bottom and look for the Thumbprint item.  Copy this value, paste into notepad, removing all spaces and changing all letters to UPPERCASE

    9. On the Exchange Server Edit

    C:\Program Files\Microsoft\Exchange Server\V15\Frontend\HttpProxy\Owa\web.config

    10. Edit this line to update the thumbprint


    11. Repeat step 10 but for

    “C:\Program Files\Microsoft\Exchange Server\V15\Frontend\HttpProxy\ecp\web.config”

     For more info on OWA integration, see here

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.