Generating the Security Administration Certificates

Two PowerShell scripts are included: MakeSTSCerts, the main script, and CreateClientCert, its child script. Running MakeSTSCerts creates all the certificates that Security Administration needs to operate correctly.

Note: These scripts are located at: \ReleaseFiles\Resources\STSv3 Certificate Generation Guide.zip.

Before running the script, you can change the passwords on the three certificates that require them. The passwords to change are on the first two lines of the script (for example: $rootPassword). By default they are set to random GUIDs but can be modified.

Note: You will need to recall these passwords later in the installation process.

The script outputs the thumbprints of the generated certificates. You can copy them from the script output for your records.

Note: Before running the script, enter the following in PowerShell: set-executionpolicy unrestricted and press Enter.

Note: If an error occurs while running the script, or if you need to rerun it for any reason, first remove the existing generated certificates from your certificate store. If you run the script multiple times without doing so, you will end up with several versions of the same certificates.
Note: You have NETWORK SERVICE access to WKFS.STSv3.Key.Protection and WKFS.STSv3.OIDC.SigningCertificate.
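
The following is an added example, not part of the shipped scripts, for the rerun note above: it inventories the generated certificates, warns when several versions of the same certificate exist, and previews their removal before a rerun. It assumes the certificates are in the LocalMachine stores and carry "WKFS.STSv3" in their subject; adjust $pattern to match the names the script reported.

```powershell
# Added example, not part of MakeSTSCerts or CreateClientCert.
# Assumption: generated certificates have "WKFS.STSv3" in their subject
# and live under Cert:\LocalMachine. Run from an elevated PowerShell prompt.
$pattern = 'WKFS.STSv3'

# Collect matching certificates from every LocalMachine store
# (the -is test skips the store containers that -Recurse also returns).
$certs = @(Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Subject -like "*$pattern*"
    })

if ($certs.Count -eq 0) {
    Write-Output "No certificates matching '$pattern' were found."
    return
}

# Inventory: compare these thumbprints with the ones the script printed.
$certs | Sort-Object Subject, NotBefore |
    Select-Object Subject, Thumbprint, NotBefore, HasPrivateKey, PSParentPath |
    Format-List

# More than one certificate with the same subject in the same store means
# the generation script was run again without cleaning up first.
$certs | Group-Object -Property PSParentPath, Subject |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        Write-Warning ("{0} versions of '{1}' found" -f $_.Count, $_.Group[0].Subject)
    }

# Preview the cleanup required before a rerun. -WhatIf only reports what
# would be removed; delete -WhatIf once the list is confirmed correct.
# -DeleteKey also removes the private key that belongs to each certificate.
foreach ($cert in $certs) {
    Remove-Item -Path $cert.PSPath -DeleteKey -WhatIf
}
```

Review the inventory before removing -WhatIf, since the subject match also selects any certificate from an earlier installation that is still in use.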