SharePoint 2013 workflow manager expired certificate renewal

Question

Wanted to know if there is a way to extend or renew expired workflow manager certificates, without reinstalling it on a SharePoint 2013, running on Server 2012.

Update: Going to try the date change in a sandbox environment. Only problem is we are going to try to run it with the latest backup before any changes to workflow manager were attempted. Before that, we had already installed CU4 on top of CU2, which didnot work, so had to uninstall and reinstall Workflow again. Now er are having problems running Restore-WFFarm. Getting the error :

Restore-WFFarm : The token provider was unable to provide a security token while accessing 'https://abcd:9355/WorkflowDefaultNamespa ce/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. At line:1 char:1 + Restore-WFFarm -InstanceDBConnectionString "Data Source=abcd;Initial Ca ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ + CategoryInfo : OperationStopped: (:) [Restore-WFFarm], Unauthor izedAccessException + FullyQualifiedErrorId : WFRuntimeSettingFailed,Microsoft.Workflow.Deploy ment.Commands.RestoreWFFarm

Answer 1

Once you have new cert in the cert store, you can update it using the below powershell:

• So, the first step should be updating the Service Bus Services, for that you should start a Workflow Manager PowerShell console as an Administrator and run the below cmdlets.

  Set-SBCertificate -FarmCertificateThumbprint YourThumbprint -EncryptionCertificateThumbprint YourThumbprint

  Stop-SBFarm -Verbose

  Update-SBHost

  Start-SBFarm

• After this step, we need to update the Workflow Manager Services related Certificates

  Set-WFCertificate -SslCertificateThumbprint YourThumbprint -EncryptionCertificateThumbprint YourThumbprint

  Stop-WFHost

  Update-WFHost

  Start-WFHost

Read the complete Blog post here: Changing my Workflow Manager Farm Certificates

Answer 2

OK, you hit the same issue I have before. It is tricky to get around it but I managed to do it.

Problem with Workflow Manager 2013 is that you cannot update the certificate if it is expired. You need to do it before it gets expired. So here is how you can do it. I have done it this way:

1. Move clock back on the server and create a new selfSigned certificate that spans across the old and new certificate.
2. The time on server will sync so you will neeed to change it again.
3. Change time and update the Workflow manager certificate to selfSigned.
4. Wait for time sync and change now the certificate to your new certificate.