Docs update tracker

Updates from: 07/08/2022 01:21:15

Service	Microsoft Docs article	Related commit history on GitHub	Change details
SharePoint	Intranet Get Started	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intranet-get-started.md	search.appverid: MET150 description: "Get started planning, building, and launching your intranet" - m365solution-spintranet + - m365solution-scenario # Get started creating your intelligent intranet Now that you are familiar with the key success factors, phases, roles, and tasks ## Up next -[Get started planning](plan-intranet.md) your intranet around initiatives that solve specific problems, can be implemented quickly, and will yeild a high return on investment. +[Get started planning](plan-intranet.md) your intranet around initiatives that solve specific problems, can be implemented quickly, and will yield a high return on investment. ### Related topics
SharePoint	Intranet Roles Tasks	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intranet-roles-tasks.md	search.appverid: MET150 description: "Introduction to roles, tasks, and timelines when deploying a SharePoint intranet." - m365solution-spintranet + - m365solution-scenario # Introduction to roles, tasks, and timelines
SharePoint	Intranet Team Overview	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/intranet-team-overview.md	search.appverid: MET150 description: "Learn about planning and deploying a SharePoint intranet." - m365solution-spintranet + - m365solution-scenario # Intelligent intranet introduction and roadmap
SharePoint	Plan Intranet	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/plan-intranet.md	- Strat_SP_admin - M365-collaboration - m365solution-spintranet +- m365solution-scenario - seo-marvel-apr2020 search.appverid:
SharePoint	Trad Vs Modern Intranet	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/trad-vs-modern-intranet.md	- Strat_SP_modern - M365-collaboration - m365solution-spintranet +- m365solution-scenario - seo-marvel-may2020 search.appverid:
SharePoint	Workplace Communications	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointOnline/workplace-communications.md	- Title: Engage audiences with workplace communication---- -recommendations: true -- NOCSH----- Strat_SP_modern-- M365-collaboration-- m365solution-spcomms-- m365solution-spintranet-- m365solution-scenario--- seo-marvel-may2020-- SPO160-- MET150 -description: "In this article, you'll learn how to leverage apps across Microsoft 365 to engage audiences in workplace communication." -- -# Engage audiences with workplace communication - -Learn how to keep everyone informed and engaged using SharePoint, Microsoft Teams, Yammer, and Stream for live events and other workplace communication methods across your Microsoft 365 environment. Learn more about the powerful strategies and communication tools available to you that help drive engagement in your organization. - -## Introduction to live events across Microsoft 365 - -You can create a live event wherever your audience, team, or community is currently communicating using Microsoft Stream, Microsoft Teams, Yammer, and SharePoint. Your organization's goals and Microsoft 365 configuration will determine how you leverage and combine Microsoft 365 apps to host live events. - -Live events allow attendees to receive notifications and to participate in real time, with high-definition videos and interactive discussion on Teams or Yammer web, mobile, and desktop apps. After an event, it's easy to make the recording available on an event page in SharePoint. The recording is automatically transcribed by Stream and detects changes in speakers and topics, making it easy to search for content later. - -These features become especially valuable when considering employees who are in different time zones or unable to attend live. Keep the conversation going so everyone still feels connected with leaders and peers after the event, which is a great method to overcome geographical and organizational boundaries. - -[Learn more about live events across Microsoft 365 apps](https://resources.techcommunity.microsoft.com/live-events/). - -## Benefits of using live event features across SharePoint, Teams, Yammer, and Stream - -Employee engagement is a major contributor to workplace satisfaction, loyalty, and productivity at any organization. Interactive live events allow program coordinators to effectively communicate business updates, training opportunities, and announcements in a way that makes an impact on the daily lives of employees and fosters ongoing collaboration and knowledge-sharing. --- Reach large audiences with video and interactive discussion. Viewers can join the event regardless of their office location or work-from-home status.-- Share your screen or share the stage. Easily deliver live events sharing content from your desktop or webcam. For high-profile events, connect to professional cameras, multiple content sources, and more.-- Empower everyone to participate. Moderated attendee Q&A or open dialog including all participants provide multiple options for interactions during broadcasts.-- Watch recorded events anytime with on-demand events. Ensure viewers never miss an event with on-demand video. Now anyone can catch up quickly and see transcripts, captions, and speaker timelines to help find the moments that matter to them.- -### Summary of live event apps - -Your organization's goals and Microsoft 365 configuration will determine how you leverage and combine Microsoft 365 apps to host live events. - -Teams - If you want your audience to view the event in Microsoft Teams, create the event so your viewers can join and watch from [Microsoft Teams](/MicrosoftTeams/teams-live-events/what-are-teams-live-events). -Yammer - If your audience is already using Yammer, you can create live events and have them show up directly in [Yammer](/yammer/manage-yammer-groups/yammer-live-events) where the viewers can participate in live discussions before the event, while watching the event, and after the event. -Stream ΓÇô If you don't want viewers to watch the event in either application, you can use [Stream](/stream/live-event-overview). - -## How to decide which app is best for your live event - -There are other considerations besides tenant configuration that will determine which apps you select depending on the level of engagement desired and governance policy of your organization. Depending on which service you create the live event from, and the type of event, there will be a different set of features available as the producer, presenter, and viewer of the live event. - -While planning your event, ask and find answers to these questions: --- What application are users currently using to attend live events and watch videos?-- What device are users likely to use when attending a live event or watching a video?-- How do you want viewers to engage with event presenters?-- What production setup is preferred?-- What are the ideal post-event next steps?- -Learn more about the [differences between live events in Teams, Yammer, and Stream](/stream/live-event-m365) to get answers to these questions. Use [site and hub analytics](https://support.microsoft.com/office/view-usage-data-for-your-sharepoint-site-2fa8ddc2-c4b3-4268-8d26-a772dc55779e) to get more insights about how users are currently engaging with SharePoint content to help you make decisions. - -## Leadership connection - -Bring the organization together by combining communication channels with M365 live event features across Stream, Yammer, and Teams. Then, see how you can leverage SharePoint using the [leadership connection guided walkthrough](https://support.microsoft.com/office/guided-walkthrough-creating-a-leadership-site-for-your-organization-e4a984db-d277-45ab-b18e-fa117b25bb4d) example to create sites that help connect viewers with leadership by creating new communication channels and a video archive library of recorded events for later viewing. - -### Company-wide events - -Large events that include all employees like "town halls" or "all hands meetings" are one of the ideal scenarios for leveraging a live event. When planning for a live event, start by ensuring your Microsoft 365 environment is set up and configured following guidance for each app in the admin section. The admin role is responsible for all the work behind the scenes work that makes the event possible and ensures the live event follows your organization's security and compliance policies. Then, learn about live event planning and production in the section for the producers and presenters. - -\|Teams\|Yammer\|Stream\| -\|\|\|\| -\|Admin\|Admin\|Admin\| -\|1. [Admin quick start](/MicrosoftTeams/quick-start-meetings-live-events) - get ready for Microsoft Teams live events <br> 2. [Set up](/MicrosoftTeams/teams-live-events/set-up-for-teams-live-events) and [configure settings](/MicrosoftTeams/teams-live-events/configure-teams-live-events) in Teams live events for your tenant <br> 3. Start [planning a live event in Teams](/MicrosoftTeams/teams-live-events/plan-for-teams-live-events)\|1. Review the [Yammer live events overview](/yammer/manage-yammer-groups/yammer-live-events) <br> 2. Understand there are some changes between the [new Yammer and classic Yammer](/yammer/get-started-with-yammer/newyammer-faq)\|1. Get started with [live events in Microsoft Stream](/stream/portal-get-started) <br> 2. [Create a live event](/stream/live-create-event) <br> 3. [Use Microsoft Stream in Teams](/stream/embed-video-microsoft-teams)\| -\|Presenters and producers\|Presenters and producers\|Presenters and producers\| -\|1. [Get started with Teams live events](https://support.microsoft.com/office/get-started-with-microsoft-teams-live-events-d077fec2-a058-483e-9ab5-1494afda578a) <br> 2. Learn how to [produce an event](https://support.microsoft.com/office/produce-a-live-event-using-teams-591bd694-121d-405c-b26d-730315e45a22) <br> 3. [Plan and schedule a live event](https://support.microsoft.com/office/plan-and-schedule-a-live-event-f92363a0-6d98-46d2-bdd9-f2248075e502) <br> 4. Use the [Teams live event organizer checklist](https://support.microsoft.com/office/teams-live-event-organizer-checklist-44a80886-0fd9-42e5-8e7c-836c798096f8) <br> 5. [Manage recordings and reports](https://support.microsoft.com/office/manage-a-live-event-recording-and-reports-in-teams-6d1f5da9-74b7-4771-977d-b89eba194578)\|1. [Organize and event in Yammer](https://support.microsoft.com/office/organize-a-live-event-in-new-yammer-7338782a-4f0b-4fd0-a6c3-33625906ead1) <br> 2. [Review Step-by-step playbook](https://aka.ms/LiveEventsinYammerplaybook) of hosting an event in Yammer <br> 3. [Learn how to drive engagement for your Yammer event](https://support.microsoft.com/office/drive-engagement-in-a-new-yammer-live-event-af1c289a-a511-4622-8864-6fa5bcc948f5)\|Use the [Stream web part](https://support.microsoft.com/office/use-the-stream-web-part-b97fa87c-1337-4271-a059-17f0d2b26e8b) to add a video to a SharePoint page\| - -### Create a leadership site in SharePoint - -![Image of the leadership connection site](media/corp-comms-leadership-site.png) - -Use SharePoint to create a place for your organization to share news from leadership and recordings from company-wide events. Get inspiration from a [step-by-step example of how to create a leadership site for your organization](https://support.microsoft.com/office/guided-walkthrough-creating-a-leadership-site-for-your-organization-e4a984db-d277-45ab-b18e-fa117b25bb4d). - -![Image of the stream web part and quick links web part](media/corp-comms-stream.png) - -In this example, you'll see a great way to leverage recordings of live events on a SharePoint page. Showcase recordings on a page using the [Stream web part](https://support.microsoft.com/office/use-the-stream-web-part-b97fa87c-1337-4271-a059-17f0d2b26e8b). Then, create a list of links to previous recordings using the [Quick links web part](https://support.microsoft.com/office/use-the-quick-links-web-part-e1df7561-209d-4362-96d4-469f85ab2a82). Consider adding the [Events web part](https://support.microsoft.com/office/use-the-events-web-part-5fe4da93-5fa9-4695-b1ee-b0ae4c981909) to your leadership site to share upcoming company-wide events with all employees. - -## Create a culture of inclusion - -Technology allows for a much broader reach across the globe and can be used to keep organizations connected. Leverage live event to foster a culture of inclusion that ensures all employees can participate in opportunities to network with each other, engage in collaborative discussions, and connect to leadership. See how you can leverage Microsoft 365 live event features and other communication channels into SharePoint pages to boost reach and viewership for important content. - -![Image of the SharePoint new employee onboarding template](media/corp-comms-neo.png) --- Welcome new team members ΓÇô Provision the [New employee onboarding template](https://lookbook.microsoft.com/details/75e60a32-9849-4ed4-b83e-b2b08983ad19) to create a welcoming and inclusive environment for new team members.-- Keep the conversation going with Yammer ΓÇô The [Yammer conversations or highlights web parts](https://support.microsoft.com/office/use-a-yammer-web-part-in-sharepoint-online-a53cfa0c-3d09-42c8-a286-1038a81c59da?ui=en-us&rs=en-us&ad=us#:~:text=Use%20a%20Yammer%20web%20part%20in%20SharePoint%20Online,Known%20Issues%20with%20the%20Conversations%20web%20part.%20) enable dynamic communication channels where you need them most. When users post questions and get answers, other users can view responses and benefit from past conversations stored in Yammer.-- Personalize the viewing experience ΓÇô Make sure viewers get what they need when they need it by using [audience targeting to personalize the experience](https://support.microsoft.com/office/target-navigation-news-and-files-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293) for viewers across navigational links, pages, and news posts.-- Provide multiple language options - Use [multilingual communication sites and news](https://support.microsoft.com/office/create-multilingual-communication-sites-pages-and-news-2bb7d610-5453-41c6-a0e8-6f40b3ed750c) if your organization spans a diverse population to make content in your intranet sites available in multiple languages. User interface elements like site navigation, site title, and site description can be shown in the user's preferred language. Additionally, you can provide pages and news posts on communication sites that you translate and that are shown in the user's preferred language.- -## Streamline workplace communication - -Across Microsoft 365, there are multiple ways to communicate ΓÇô over email, Teams chat, and Yammer conversations to name a few. Knowing which method to use depends on the communication culture of your organization. It's important to meet viewers where they are. Use established communication channels to connect users across apps to promote collaboration and engagement. - -### Organizational news - -Create and share news fast using SharePoint out-of-the-box news post features quick layout options and web parts that dynamically roll-up news across sites. Learn more about how to [create and share news in SharePoint](https://support.microsoft.com/office/create-and-share-news-on-your-sharepoint-sites-495f8f1a-3bef-4045-b33a-55e5abe7aed7). Use the [News web part](https://support.microsoft.com/office/use-the-news-web-part-on-a-sharepoint-page-c2dcee50-f5d7-434b-8cb9-a7feefd9f165) on SharePoint sites and hub pages to share news sources across your organization's intranet. Finally, [create and send a news digest](https://support.microsoft.com/office/create-and-send-a-news-digest-42efc3c6-605f-4a9a-85d5-1f9ff46019bf) for newsletter style messaging that can be shared in an email or Teams channel message. - -### Maintain high-quality content in SharePoint - -Understand how users are consuming content, what devices are typically used, and what content is popular using by [viewing usage data for your SharePoint site](https://support.microsoft.com/office/view-usage-data-for-your-sharepoint-site-2fa8ddc2-c4b3-4268-8d26-a772dc55779e). Use content insights to make adjustments to your organization's communication strategy. For example, if you learn that most users are reading news on a mobile device in the evening, you can make a point to post news in the evenings. - -Make it easy for users to follow your organization's site usage and creation guidelines by streamlining site and page designs in SharePoint. Templates ensure a consistent design and navigational experience across your intranet and help users create sites faster. Learn more about [creating page templates in SharePoint](https://support.microsoft.com/office/page-templates-in-sharepoint-faa92408-0c84-4e3d-8460-3c28065e7873). - -### Add resources to Teams - -Meet users where they are. If you are already using Teams, there are many options to share content across apps in Teams by adding resources as tabs in Teams or sharing a message in a channel. [Add a SharePoint page or list as a tab in Teams](https://support.microsoft.com/office/add-a-sharepoint-page-or-list-to-a-channel-in-teams-131edef1-455f-4c67-a8ce-efa2ebf25f0b) or add a [Yammer page as a tab in Teams](https://support.microsoft.com/office/new-yammer-add-a-yammer-page-to-a-teams-channel-ca06ec83-f22d-4b76-83a5-c83aa2a33528) to keep content and communication for specific departments, teams, or projects in one place. Make sure important messages get to the right audiences by [sending an email to a Teams channel](https://support.microsoft.com/office/send-an-email-to-a-channel-in-teams-d91db004-d9d7-4a47-82e6-fb1b16dfd51e) or by [sending an announcement to a Teams channel](https://support.microsoft.com/office/send-an-announcement-to-a-channel-8f244ea6-235a-4dcc-9143-9c5b801b4992). Finally, bring your organization's intranet closer to resources in Teams by [creating an intranet portal app from a SharePoint site or page](/microsoftteams/teams-standalone-static-tabs-using-spo-sites). - -### More workplace communication resources - -[IT roundtable: Migrating from Skype meeting broadcasts to live events across Microsoft 365 apps](https://www.microsoft.com/itshowcase/it-expert-roundtable-migrating-to-live-events-in-microsoft-365-from-skype-meeting-broadcast) - -[How leaders can bring employees together during COVID-19](https://www.microsoft.com/microsoft-365/blog/2020/05/01/how-leaders-bring-employees-together-covid-19/) - -[Transform your communications, company meetings, and trainings](https://resources.techcommunity.microsoft.com/live-events/) - -[Learn more about live events across Microsoft 365 apps](https://resources.techcommunity.microsoft.com/live-events/) - -[SharePoint modernization scanner](/sharepoint/dev/transform/modernize-scanner)
SharePoint	Assign Certificates To Web Applications	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/assign-certificates-to-web-applications.md	+ + Title: "Assign certificates to web applications" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how to assign SharePoint-managed certificates.." ++ + +# Assign certificates to web applications ++ +SharePoint supports assigning SharePoint-managed certificates, which are imported by using the [Import-SPCertificate](/powershell/module/sharepoint-server/import-spcertificate) PowerShell cmdlet, to web applications with an SSL binding. The certificate must be in SharePoint's End Entity certificate store and the certificate's private key must also be imported. You can assign a certificate when the web application is first created or after it's created. + +A `-Certificate <SPServerCertificatePipeBind>` parameter has been added to the following cmdlets and commands: + +- [New-SPWebApplication](/powershell/module/sharepoint-server/new-spwebapplication) +- [New-SPWebApplicationExtension](/powershell/module/sharepoint-server/new-spwebapplicationextension) +- [Set-SPWebApplication](/powershell/module/sharepoint-server/set-spwebapplication) +- [New-SPCentralAdministration](/powershell/module/sharepoint-server/new-spcentraladministration) +- [Set-SPCentralAdministration](/powershell/module/sharepoint-server/set-spcentraladministration) +- [PSConfig.exe -cmd adminvs](/previous-versions/office/sharepoint-server-2010/cc263093(v=office.14)) + +The `SPServerCertificatePipeBind` accepts the following values: + +- String: Friendly name of the certificate. +- String: Thumbprint of the certificate. +- String: Serial number of the certificate. +- GUID: ID property of the SPServerCertificate object. + +To assign a certificate to a web application, while creating that web application or extending a web application to another zone through Central Administration, then set "Use Server Sockets Layer (SSL)" to Yes. + +Select the server certificate from the Server Certificate drop-down list.
SharePoint	Certificates Administrative Action Logging	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/certificates-administrative-action-logging.md	+ + Title: "Certificates administrative action logging" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how the major certificate actions are logged in the SharePoint." + + +# Certificates administrative action logging ++ +Major certificate management actions are now logged in the SharePoint Administrative Actions log. The logging actions include: + +- `Administration.Security.Certificate.Export` +- `Administration.Security.Certificate.Import` +- `Administration.Security.Certificate.Install` +- `Administration.Security.Certificate.Move` +- `Administration.Security.Certificate.New` +- `Administration.Security.Certificate.Register` +- `Administration.Security.Certificate.Remove` +- `Administration.Security.Certificate.Rename` +- `Administration.Security.Certificate.Switch` +- `Administration.Security.Certificate.Uninstall` +- `Administration.Security.Certificate.Unregister` ++ +For more information about administrative action logging, see [Using Administrative Actions logging in SharePoint Server 2016](using-administrative-actions-logging-in-sharepoint-server-2016.md).
SharePoint	Create New Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/create-new-certificates.md	+ + Title: "Create new certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how you to create new SSL certificate." ++ + +# Create new certificates ++ +SharePoint Subscription Edition supports creating SSL certificate requests via the [New-SPCertificate](/powershell/module/sharepoint-server/new-spcertificate) PowerShell cmdlet. This is the first step in a three-step process to install a new SSL certificate. + +After the SSL certificate request has been created via the operation, the SharePoint administrator must submit the certificate request to their SSL certificate authority. The SSL certificate authority then generates a signed certificate based on the request and return it to the SharePoint administrator, who can then import the certificate into SharePoint. The imported certificate is paired with the private key generated by the certificate request operation. The certificate is now ready for use by SharePoint. + +```powershell +New-SPCertificate -FriendlyName <String> -CommonName <String> [-AlternativeNames <String[]>] [-OrganizationalUnit <String>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>] +New-SPCertificate -FriendlyName <String> -CommonName <String> [-AlternativeNames <String[]>] [-OrganizationalUnit <String>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-KeySize {0 \| 2048 \| 4096 \| 8192 \| 16384}] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>] +New-SPCertificate -FriendlyName <String> -CommonName <String> [-AlternativeNames <String[]>] [-OrganizationalUnit <String>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-EllipticCurve {Default \| nistP256 \| nistP384 \| nistP521}] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>]] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|FriendlyName\| The friendly name for the certificate. This name can be used to help you remember the purpose of this certificate. The friendly name will only be visible to SharePoint farm administrators, not to end users.\| +\|CommonName \| The primary DNS domain name or IP address that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended.\| +\|AlternativeNames \| Additional DNS domain names or IP addresses that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended.\| +\|OrganizationalUnit \| The name of your department within your organization or company. If this parameter isn't specified, the default organizational unit of the farm will be used.\| +\|Organization\| The legally registered name of your organization or company. If this parameter isn't specified, the default organization of the farm will be used.\| +\|Locality \| The name of the city or locality where your organization is legally located. Don't abbreviate the name. If this parameter isn't specified, the default locality of the farm will be used.\| +\|State \| The name of the state or province where your organization is legally located. Don't abbreviate the name. If this parameter isn't specified, the default state of the farm will be used.\| +\|Country \| The two letter country code where your organization is legally located. This must be an ISO 3166-1 alpha-2 country code. If this parameter isn't specified, the default country of the farm will be used.\| +\|Exportable\| Specifies whether the private key of the certificate may be exported. If this parameter isn't specified, the private key of certificate deployed to the Windows Certificate Store on each server in the SharePoint farm won't be exportable, and SharePoint won't allow you to export the private key from within the SharePoint administration interface.\| +\|KeySize \| Specifies to use the RSA key algorithm for your certificate, and the size of your public and private RSA keys in bits. Larger key sizes provide more cryptographic strength than smaller key sizes, but they're also more computationally expensive and take more time to complete the SSL / TLS connection. Select `2048` if you're unsure, which key size to use. Key sizes larger than `4096` are not recommended. If neither this parameter nor the `EllipticCurve` parameter is specified, the default key algorithm and key size / elliptic curve of the farm will be used.\| +\|EllipticCurve\|Specifies to use the elliptic curve cryptography key algorithm for your certificate, and the elliptic curve of your public and private ECC keys. Larger elliptic curves provide more cryptographic strength than smaller elliptic curves, but they're also more computationally expensive and take more time to complete the SSL / TLS connection. Select `nistP256` if you're unsure, which elliptic curve to use. Elliptic curves larger than `nistP384` are not recommended. If neither this parameter nor the `KeySize` parameter is specified, the default key algorithm and key size / elliptic curve of the farm will be used.\| +\|HashAlgorithm\|Specifies the hash algorithm of your certificate signature, which your certificate authority will use to verify that your certificate request hasn't been tampered with. Larger hash algorithms provide more cryptographic strength than smaller hash algorithms, but they're also more computationally expensive. Select `SHA256` if you're unsure, which hash algorithm to use. Hash algorithms larger than `SHA384` are not recommended. If this parameter isn't specified, the default hash algorithm of the farm will be used.\| +\|Path\|Specifies the path to the certificate signing request file that will be generated.\| +\|Force\| Specifies to overwrite a file if it already exists at the specified path.\| +\|AssignmentCollection\| Manages objects for the purpose of proper disposal. Use of objects, such as SPWeb or SPSite, can use large amounts of memory and use of these objects in Windows PowerShell scripts requires proper memory management. Using the `SPAssignment` object, you can assign objects to a variable and dispose of the objects after they are needed to free up memory. When SPWeb, SPSite, or `SPSiteAdministration` objects are used, the objects are automatically disposed of if an assignment collection or the Global parameter is not used.\| +\|WhatIf\|Shows what would happen if the cmdlet runs. The cmdlet is not run.\| +\|Confirm\|Prompts you for confirmation before running the cmdlet.\| + +Example cmdlet syntax: + +```powershell +New-SPCertificate -FriendlyName "Team Sites Certificate" -KeySize 2048 -CommonName sharepoint.contoso.com -AlternativeNames extranet.contoso.com, onedrive.contoso.com -OrganizationalUnit "Contoso IT Department" -Organization "Contoso" -Locality "Redmond" -State "Washington" -Country "US" -Exportable -HashAlgorithm SHA256 -Path "\\server\fileshare\Team Sites Certificate Signing Request.txt" +```
SharePoint	Export Certificate	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/export-certificate.md	+ + Title: "Export certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint export the certificates." + + +# Export certificates ++ +SharePoint supports exporting certificates to PFX (PKCS #12) files, P7B (PKCS #7) files, and CER files. Both PFX files and P7B files can contain multiple certificates, which is useful for exporting a chain of certificates from the end entity (leaf) certificate to the root certificate. However, only PFX files can contain private keys for certificates, which are necessary for a server certificate to be assigned to an IIS website. CER files contain only a single certificate. + +Use the `Export-SPCertificate` PowerShell cmdlet to import certificates from certificate files. + +This cmdlet supports multiple parameter sets: + +```powershell +Export-SPCertificate [-Identity] <SPServerCertificatePipeBind> -Password <securestring> [-EncryptionType {AES256 \| TripleDes}] [-IncludeAllCertificatesInCertificationPath] [-IncludeExtendedProperties] [-Path <string>] [-Force] +Export-SPCertificate [-Identity] <SPServerCertificatePipeBind> -Type {Cert \| Pkcs7} [-IncludeAllCertificatesInCertificationPath] [-Path <string>] [-Force] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate to export. -Password The password to use to protect the exported PFX file. This parameter is only compatible with PFX files.\| +\|EncryptionType\| Specifies the encryption algorithm to use to protect the exported PFX file. AES256 specifies that `AES-256` encryption with SHA256 hashing will be used. TripleDes specifies that 3DES encryption with SHA1 hashing will be used. `AES-256` encryption is stronger than 3DES encryption, but is only supported with PFX files on Windows Server 2019 and newer operating systems. Use 3DES encryption if the PFX file needs to be compatible with older operating systems. If this parameter is not specified, `AES-256` encryption is used by default. This parameter is only compatible with PFX files\| +\|Type\| Specifies the type of file to generate. Cert will generate a CER file containing a single DER-encoded certificate. Pkcs7 will generate a P7B (PKCS #7) file containing one or more certificates. This parameter is only compatible with CER and P7B files\| +\|IncludeAllCertificatesInCertificationPath\| Specifies whether to export additional certificates that are part of the certificate chain of the specified certificate. This will only add parent certificates of the specified certificate, not child certificates issued by the specified certificate. This parameter is only compatible with PFX and P7B files.\| +\|IncludeExtendedProperties\| Specifies whether extended properties of the certificate should be exported, such as the friendly name of the certificate. This parameter is only compatible with PFX files.\| +\|Path\| Specifies the path to the PFX, P7B, or CER file containing certificates.\| +\|Force \|Specifies whether to overwrite a file if it already exists at the specified path. Example cmdlet syntax: `$password = ConvertTo-SecureString -AsPlainText -Force Export-SPCertificate -Identity "Contoso SharePoint (2020)" -Password $password -IncludeAllCertificatesInCertificationPath -IncludeExtendedProperties -Path "\server\fileshare\certificates.pfx`".\|
SharePoint	Import New Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/import-new-certificates.md	+ + Title: "Import certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how to import certificates." ++ + +# Import certificates ++ +SharePoint supports both Rivest, Shamir, Adleman (RSA) and Elliptic Curve Cryptography (ECC) certificates. You can import certificates from Personal Exchange Format (PFX) (PKCS #12) files, P7B (PKCS #7) files, and CER files. Only PFX files will contain private keys for certificates, which are necessary for a server certificate to be assigned to an Internet Information Services (IIS) website. However, the entire certificate chain, from the end entity (leaf) certificate to the root certificate must be imported to SharePoint for SSL connections to be successful. + +Certificates are automatically deployed to the Windows certificate store on each server in the SharePoint farm when they're imported into SharePoint. Certificates are also automatically deployed to new servers in the SharePoint farm when those servers join the farm. + +> [!NOTE] +> Disconnecting a server from a SharePoint farm will not automatically remove SharePoint-managed certificates from that server's Windows certificate store. Uninstalling SharePoint from a server will not automatically remove SharePoint-managed certificates from that server's Windows certificate store. + +Use the [Import-SPCertificate](/powershell/module/sharepoint-server/import-spcertificate) PowerShell cmdlet to import certificates from certificate files. ++ +```powershell +Import-SPCertificate [-Path] <String> [-Password <SecureString>] [-Store {EndEntity \| Intermediate \| Pending \| Root}] [-Exportable] [-Replace] [-AssignmentCollection <SPAssignmentCollection>] [-WhatIf] [-Confirm] [<CommonParameters>] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Path\| The path to the PFX, P7B, or CER file containing certificates.\| +\|Password \| The password if the certificate file is protected by a password (for PFX files).\| +\|Store (EndEntity / Intermediate / Pending / Root)\| The certificate store that certificates should be imported into. Unless there's a need to override SharePoint's automatic certificate detection, we recommend omitting this parameter, so that SharePoint will automatically select the appropriate certificate store for each certificate.\| +\|Exportable\| Specifies whether private keys of the certificates imported into SharePoint may be exported. If this parameter isn't specified, the private keys of certificates deployed to the Windows Certificate Store on each server in the SharePoint farm won't be exportable, and SharePoint won't allow you to export the private keys from within the SharePoint administration interface.\| +\|Replace\| Specifies that if the certificates being imported are renewing existing certificates, the certificate assignments of the existing certificates should be immediately replaced with the imported certificates.\| + +Example cmdlet syntax: + +```powershell +$password = ConvertTo-SecureString -AsPlainText -Force +Import-SPCertificate -Path "\\server\fileshare\certificates.pfx" -Password $password -Exportable +```
SharePoint	Move Certificates Between Certificate Stores	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/move-certificates-between-certificate-stores.md	+ + Title: "Move certificates between certificate stores" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports moving certificates." + + +# Move certificates between certificate stores ++ +SharePoint supports moving certificates between certificate stores using the [Move-SPCertificate](/powershell/module/sharepoint-server/move-spcertificate) PowerShell cmdlet. + +```powershell +Move-SPCertificate [-Identity] <SPServerCertificatePipeBind> -NewStore {Default \| EndEntity \| Intermediate \| Root} [-Force] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate to move.\| +\|NewStore (Default / EndEntity / Intermediate / Root)\| The certificate store to move the certificate to. If Default is specified, SharePoint will automatically select the appropriate certificate store for the certificate.\| +\|Force\|Specifies that the certificate should be moved to a different certificate store, even if the certificate is currently assigned to SharePoint objects.<br> If this parameter is specified, any existing assignments of the certificate are cleared. If this parameter isn't specified and the certificate is assigned to a SharePoint object, the operation will fail.\| + +Example cmdlet syntax: + +```powershell +Move-SPCertificate -Identity "Contoso SharePoint (2020)" -NewStore EndEntity +```
SharePoint	New Health Analyzer Rules For Ssl Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/new-health-analyzer-rules-for-ssl-certificates.md	+ + Title: "New health analyzer rules for SSL certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SSL certificate implements health analyzer." ++ +# New health analyzer rules for SSL certificates ++ +SharePoint has implemented the following four new health analyzer rules for SSL certificates: + +1. Certificate notification contacts haven't been configured health rule that provides notification through Central Administration when certificates are in use and no certificate notification contacts have been configured. This health rule will run weekly. Certificate notification contacts receive emails about SSL certificate expirations and can be configured by customers through the Configure certificate management settings page. +2. Upcoming SSL certificate expirations health rule that provides advanced notification through both Central Administration and email of upcoming certificate expirations. This health rule will run weekly to notify certification notification contacts about certificates that are in use and will expire within the next 15 - 60 days. These thresholds are configurable by customers through the Configure certificate management settings page. +3. SSL certificates are about to expire health rule that provides advanced notification through both Central Administration and email when certificates are about to expire. This health rule will run daily to notify certificate notification contacts about certificat]es that are in use and will expire within the next 15 days. This threshold is configurable by customers through the Configure certificate management settings page. +4. SSL certificates have expired health rule that provides notification through both Central Administration and email when certificates have expired. This health rule will run daily to notify certificate notification contacts about certificates that are in use and have expired within the past 15 days. This threshold is configurable by customers through the Configure certificate management settings page.
SharePoint	Outgoing Smtp Support For Client Certificate Authentication	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/outgoing-smtp-support-for-client-certificate-authentication.md	+ + Title: "Outgoing SMTP support for client certificate authentication" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how some SMTP servers may require the use of client certificates for authentication before accepting email messages." + + +# Outgoing SMTP support for client certificate authentication ++ +Some SMTP servers may require the use of client certificates for authentication before accepting email messages. SharePoint now supports client certificate authentication when sending emails to an SMTP server. The outbound SMTP settings in SharePoint must be configured to use TLS connection encryption and a certificate must be assigned to use this capability. The certificate must be in SharePoint's End Entity certificate store, the certificate's private key must be imported, and the certificate's enhanced key usage extension must specify the certificate is valid for client authentication if that extension is present. + +A `-Certificate <SPServerCertificatePipeBind>` parameter has been added to the following cmdlet parameter set: + +```powershell +Set-SPWebApplication [-Identity] <SPWebApplicationPipeBind> -SMTPServer <String> [-Certificate <SPServerCertificatePipeBind>] [-DisableSMTPEncryption] [-Force] [-NotProvisionGlobally] [-OutgoingEmailAddress <String>] [-ReplyToEmailAddress <String>] [-SMTPServerPort <Int32>] [-SMTPCredentials <PSCredential>] +``` + +To assign a certificate to the outbound SMTP settings through Central Administration, set Use TLS connection encryption and Use client certificate authentication to Yes, and then select the client certificate from the Client certificate drop-down list.
SharePoint	Remove Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/remove-certificates.md	+ + Title: "Remove certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports removing certificates." ++ + +# Remove certificates + +SharePoint supports removing certificates via [Remove-SPCertificate](/powershell/module/sharepoint-server/remove-spcertificate) PowerShell cmdlet. + +- By default, SharePoint will not allow you to remove a certificate if it is currently assigned to a SharePoint object. You must override the default behavior if you want to force the removal of a certificate. If you override the default behavior, existing assignments of the certificate are cleared. +- The certificate and any private key associated with that certificate is removed from the Windows certificate store on every server in the SharePoint farm. +- The certificate and any private key associated with it is removed from the SharePoint configuration database. +- Any previous exports from the certificate through the SharePoint administration interface will not be removed. Those exported files will still exist. + +Use the `Remove-SPCertificate` cmdlet to remove a certificate from SharePoint. + +For example: + +```powershell +Remove-SPCertificate [-Identity] <SPServerCertificatePipeBind> [-Force] [-WhatIf] [-Confirm] [<CommonParameters>] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate to remove from SharePoint.\| +\|Force \| Specifies that the certificate should be removed from SharePoint, even if the certificate is currently assigned to SharePoint objects. If this parameter is specified, any existing assignments of the certificate are also cleared. If this parameter isn't specified and the certificate is assigned to a SharePoint object, the operation will fail.\| ++ +For example: + +```powershell +Remove-SPCertificate -Identity "Contoso SharePoint (2020)" +```
SharePoint	Rename Certificate Friendly Names	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/rename-certificate-friendly-names.md	+ + Title: "Rename certificate friendly names" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports changing the friendly name of certificates." + + +# Rename certificate friendly names ++ +SharePoint supports changing the friendly name of certificates using the [Rename-SPCertificate](/powershell/module/sharepoint-server/rename-spcertificate) PowerShell cmdlet. + +```powershell +Rename-SPCertificate [-Identity] <SPServerCertificatePipeBind> -NewFriendlyName <string> +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate to be renamed. \| +\|NewFriendlyName\|The new friendly name for the certificate.\| + +Example cmdlet syntax: + +```powershell +Rename-SPCertificate -Identity "Contoso SharePoint" -NewFriendlyName "Contoso SharePoint (2020)" +```
SharePoint	Renew Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/renew-certificates.md	+ + Title: "Renew certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports renewing SSL certificates." + + +# Renew certificates ++ +SharePoint supports renewing SSL certificates via the [Renew-SPCertificate](/powershell/module/sharepoint-server/renew-spcertificate) PowerShell cmdlet. This creates a new certificate signing request based on the properties of an existing certificate and is the first step in a three-step process to renew an SSL certificate. + +Once an SSL certificate request is created via the operation, the SharePoint administrator must submit the certificate request to their SSL certificate authority. The SSL certificate authority will then generate a signed certificate based on the request and return it to the SharePoint administrator. The SharePoint administrator must then import the certificate provided by the SSL certificate authority into SharePoint. + +SharePoint will then pair the imported certificate with the private key generated by the certificate request operation. The certificate is then ready to be used by SharePoint. + +When you import a certificate as part of a certificate renewal operation, you can specify the `Replace` switch parameter with the `Import-SPCertificate` cmdlet. This tells SharePoint to automatically replace the certificate assignments of the certificate being renewed with the new certificate. + +```powershell +Renew-SPCertificate [-Identity] <SPServerCertificatePipeBind> -FriendlyName <String> [-CommonName <String>] [-AlternativeNames <String[]>] [-OrganizationalUnit <>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>] +Renew-SPCertificate [-Identity] <SPServerCertificatePipeBind> -FriendlyName <String> [-CommonName <String>] [-AlternativeNames <String[]>] [-OrganizationalUnit <>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-KeySize {0 \| 2048 \| 4096 \| 8192 \| 16384}] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>] +Renew-SPCertificate [-Identity] <SPServerCertificatePipeBind> -FriendlyName <String> [-CommonName <String>] [-AlternativeNames <String[]>] [-OrganizationalUnit <>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-Exportable] [-EllipticCurve {Default \| nistP256 \| nistP384 \| nistP521}] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-Path <String>] [-Force] [<CommonParameters>] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate to be renewed.\| +\|FriendlyName \| The friendly name for the certificate. This name can be used to help you remember the purpose of this certificate. The friendly name will only be visible to SharePoint farm administrators, not to end users.\| +\|CommonName \|The primary DNS domain name or IP address that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended. If this parameter isn't specified, the common name of the certificate to be renewed will be used.\| +\|AlternativeNames \| Additional DNS domain names or IP addresses that this certificate will be assigned to. Fully Qualified Domain Names (FQDNs) are recommended. If this parameter isn't specified, the alternative names of the certificate to be renewed will be used.\| +\|OrganizationalUnit\| The name of your department within your organization or company. If this parameter isn't specified, the organizational unit of the certificate to be renewed will be used. If an organizational unit can't be found in the certificate to be renewed, the default organizational unit of the farm will be used.\| +\|Organization\| The legally registered name of your organization or company. If this parameter isn't specified, the organization of the certificate to be renewed will be used. If an organization can't be found in the certificate to be renewed, the default organization of the farm will be used.\| +\|Locality \| The name of the city or locality where your organization is legally located. Don't abbreviate the name. If this parameter isn't specified, the locality of the certificate to be renewed will be used. If a locality can't be found in the certificate to be renewed, the default locality of the farm will be used.\| +\|State \| The name of the state or province where your organization is legally located. Don't abbreviate the name. If this parameter isn't specified, the state of the certificate to be renewed will be used. If a state can't be found in the certificate to be renewed, the default state of the farm will be used.\| +\|Country \| The two letter country code where your organization is legally located. This must be an ISO 3166-1 alpha-2 country code. If this parameter isn't specified, the country of the certificate to be renewed will be used. If a country can't be found in the certificate to be renewed, the default country of the farm will be used.\| +\|Exportable\| Specifies whether the private key of the certificate may be exported. If this parameter is not specified, the private key of certificate deployed to the Windows Certificate Store on each server in the SharePoint farm won't be exportable, and SharePoint won't allow you to export the private key from within the SharePoint administration interface.\| +\|KeySize\| Specifies to use the RSA key algorithm for your certificate, and the size of your public and private RSA keys in bits. Larger key sizes provide more cryptographic strength than smaller key sizes, but they're also more computationally expensive and take more time to complete the SSL/TLS connection. Select `2048` if you're unsure which key size to use. Key sizes larger than `4096` are not recommended. If neither this parameter nor the EllipticCurve parameter is specified, the key algorithm and key size / elliptic curve of the certificate to be renewed will be used. If a key algorithm and key size / elliptic curve can't be found in the certificate to be renewed, the default key algorithm and key size / elliptic curve of the farm will be used.\| +\|EllipticCurve\| Specifies to use the elliptic curve cryptography key algorithm for your certificate, and the elliptic curve of your public and private ECC keys. Larger elliptic curves provide more cryptographic strength than smaller elliptic curves, but they're also more computationally expensive and take more time to complete the SSL/TLS connection. Select `nistP256` if you're unsure, which elliptic curve to use. Elliptic curves larger than `nistP384` are not recommended. If neither this parameter nor the KeySize parameter is specified, the key algorithm and key size / elliptic curve of the certificate to be renewed will be used. If a key algorithm and key size / elliptic curve can't be found in the certificate to be renewed, the default key algorithm and key size / elliptic curve of the farm will be used.\| +\|HashAlgorithm\| Specifies the hash algorithm of your certificate signature, which your certificate authority will use to verify that your certificate request hasn't been tampered with. Larger hash algorithms provide more cryptographic strength than smaller hash algorithms, but they're also more computationally expensive. Select `SHA256` if you're unsure which hash algorithm to use. Hash algorithms larger than `SHA384` are not recommended. If this parameter is not specified, the hash algorithm of the certificate to be renewed will be used. If a supported hash algorithm can't be found in the certificate to be renewed, the default hash algorithm of the farm will be used.\| + +The following is the example of cmdlet syntax: + +```powershell +Renew-SPCertificate -Identity "Contoso SharePoint (2020)" -FriendlyName "Contoso SharePoint (2021)" -Exportable -Path "\\server\fileshare\Contoso SharePoint 2021 Certificate Signing Request.txt" +```
SharePoint	Replace A Certificate Assignment	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/replace-a-certificate-assignment.md	+ + Title: "Replace a certificate assignment" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports replacing all usage of an existing certificate within SharePoint with a different certificate." ++ +# Replace a certificate assignment ++ +SharePoint supports replacing all usage of an existing certificate within SharePoint with a different certificate. For example, if an existing certificate is approaching its expiration and you can replace this existing certificate with a new certificate. Use the [Switch-SPCertificate](/powershell/module/sharepoint-server/switch-spcertificate) Powershell cmdlet to replace the assignments of the existing certificate with the new certificate. All usage of the existing certificate within SharePoint will then be replaced with the new certificate. + +For example: + +```powershell +Switch-SPCertificate [-Identity] <SPServerCertificatePipeBind> [-NewCertificate] <SPServerCertificatePipeBind> [-WhatIf] [-Confirm] [<CommonParameters>] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| The certificate whose assignments you want to replace.\| +\|NewCertificate \| The certificate that should replace all of the assignments of the certificate specified by the Identity parameter.\| + +For example: + +```powershell +Switch-SPCertificate -Identity "Contoso SharePoint (2020)" -NewCertificate "Contoso SharePoint (2021)" +```
SharePoint	Set Certificate Default Settings	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/set-certificate-default-settings.md	+ + Title: "Set certificate default settings" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports farm-wide default settings for certificate management by creating, renewing certificates, and certificate health rule thresholds." + + +# Set certificate default settings ++ +SharePoint supports farm-wide default settings for certificate management. These include default properties for creating and renewing certificates and certificate health rule thresholds. + +Use the [Set-SPCertificateSettings](/powershell/module/sharepoint-server/set-spcertificatesettings) PowerShell cmdlet to set the certificate management default settings. + +```powershell +Set-SPCertificateSettings [-OrganizationalUnit <String>] [-Organization <String>] [-Locality <String>] [-State <String>] [-Country <String>] [-KeyAlgorithm {ECC \| RSA}] [-KeySize {0 \| 2048 \| 4096 \| 8192 \| 16384}] [-EllipticCurve {Default \| nistP256 \| nistP384 \| nistP521}] [-HashAlgorithm {Default \| SHA256 \| SHA384 \| SHA512}] [-RsaSignaturePadding {Default \| Pkcs1 \| Pss}] [-CertificateExpirationAttentionThreshold <Int32>] [-CertificateExpirationWarningThreshold <Int32>] [-CertificateExpirationErrorThreshold <Int32>] [<CommonParameters>]] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|OrganizationalUnit \| The name of your department within your organization or company.\| +\|Organization \| The legally registered name of your organization or company.\| +\|Locality \| The name of the city or locality where your organization is legally located. Don't abbreviate the name.\| +\|State \| The name of the state or province where your organization is legally located. Don't abbreviate the name.\| +\|Country \| The two letter country code where your organization is legally located. This must be an ISO 3166-1 alpha-2 country code.\| +\|KeyAlgorithm (ECC / RSA)\| Specifies the key algorithm for your certificate. This choice will be used for both the public key and the private key of your certificate. <p>`RSA` is the most common and widely supported key algorithm for certificates. Select the RSA algorithm if you're unsure which type of key your certificate authority supports. `ECC` uses elliptic curve cryptography based on ECDSA keys with NIST P-256, P-384, or P-521 curves. <p>SSL/TLS connections are faster to complete with `ECC` certificates than `RSA` certificates at the equivalent security strength. Verify that your certificate authority supports `ECC` certificates before selecting it.\| +\|KeySize (0 / 2048 / 4096 / 8192 / 16384)\| Specifies the size of your public and private RSA keys in bits. Larger key sizes provide more cryptographic strength than smaller key sizes, but they're also more computationally expensive and take more time to complete the SSL/TLS connection. <p>Select `2048` if you're unsure which key size to use. Key sizes larger than `4096` aren't recommended.\| +\|EllipticCurve (Default / nistP256 / nistP384 / nistP521)\| Specifies the elliptic curve of your public and private ECC keys. Larger elliptic curves provide more cryptographic strength than smaller elliptic curves, but they're also more computationally expensive and take more time to complete the SSL/TLS connection.<p> Select `nistP256` if you're unsure which elliptic curve to use. Elliptic curves larger than `nistP384` aren't recommended.\| +\|HashAlgorithm (Default / SHA256 / SHA384 / SHA512)\| Specifies the hash algorithm of your certificate signature, which your certificate authority will use to verify that your certificate request hasn't been tampered with. Larger hash algorithms provide more cryptographic strength than smaller hash algorithms, but they're also more computationally expensive. Select `SHA256` if you're unsure which hash algorithm to use. Hash algorithms larger than `SHA384` aren't recommended.\| +\|RsaSignaturePadding \| Specifies the RSA signature padding mode for creating and renewing certificates with RSA keys. `Pkcs1` represents the RSASSA-PKCS1-v1_5 padding mode. `Pss` represents the RSASSA-PSS padding mode. The default RSA signature padding mode is `Pkcs1`.\| +\|CertificateExpirationAttentionThreshold \| Specify the number of days before a certificate expires to trigger a certificate expiration notification. This is a reminder of upcoming certificate expirations that can be handled with normal priority. A certificate will only trigger a notification when it's assigned to SharePoint objects. This alert is disabled when set to 0.\| +\|CertificateExpirationWarningThreshold \| Specifies the number of days before a certificate expires to trigger a certificate expiration warning. This is a warning of imminent certificate expirations that should be handled with high priority. A certificate will only trigger a warning when it is assigned to SharePoint objects. This warning is disabled when set to 0.\| +\|CertificateExpirationErrorThreshold \| Specifies the number of days after a certificate expired to trigger a certificate expiration alert. This is an alert about certificates that have already expired and should be handled with critical priority. A certificate will only trigger an alert when it is assigned to SharePoint objects. This alert is disabled when set to 0.\|
SharePoint	Ssl Certificate Management In Central Administration	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/ssl-certificate-management-in-central-administration.md	+ + Title: "SSL certificate management in central administration" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how you can use Secure Sockets Layer (SSL) certificate management supports managing your SSL certificates in Central Administration." ++ +# SSL certificate management in central administration ++ +Besides managing SSL certificates through PowerShell cmdlets, SharePoint also supports managing your SSL certificates in Central Administration. You'll see a new Certificates section in the Security landing page of Central Administration. Within this section you'll find links to Manage certificates, Configure certificate management settings, and View certificate files. + +The Manage certificates page is the main page for managing the certificates in your SharePoint farm. From here you'll have full access to all of the certificate management functionality including creating new certificates, renewing existing certificates, viewing certificates, importing and exporting certificates, and so on. You'll be able to filter and sort the list of certificates based on various criteria such as certificate store and expiration date. + +The Configure certificate management settings page lets you configure various settings such as your default organization information and certificate health analyzer rule notification thresholds. + +The View certificate files page lists the Certificate Signing Request files and certificate export files generated by SharePoint. This makes it easy to retrieve these files even if you're accessing the Central Administration site remotely and don't have direct connectivity to the file shares that SharePoint would have access to.
SharePoint	Ssl Certificate Management	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/ssl-certificate-management.md	+ + Title: "SSL certificate management operations" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how you can use Secure Sockets Layer (SSL) certificate management to monitor and manage the lifecycle of SSL certificates in your SharePoint farm." +++ +# SSL certificate management operations ++ +The Secure Sockets Layer (SSL) certificate management feature allows you to monitor and manage the lifecycle of SSL certificates in your SharePoint farm, from acquisition and deployment to usage, expiration, and renewal. + +This article focuses on the following SSL certificate management operations: + +- [Create new certificates](create-new-certificates.md) +- [Import certificates](import-new-certificates.md) +- [Assign certificates to web applications](assign-certificates-to-web-applications.md) +- [Replace a certificate assignment](replace-a-certificate-assignment.md) +- [Remove certificates](remove-certificates.md) +- [View certificates](view-certificates.md) +- [Export certificates](export-certificate.md) +- [Outgoing SMTP support for client certificate authentication](outgoing-smtp-support-for-client-certificate-authentication.md) +- [Renew certificates](renew-certificates.md) +- [Rename certificate friendly names](rename-certificate-friendly-names.md) +- [Move certificates between certificate stores](move-certificates-between-certificate-stores.md) +- [View certificate default settings](view-certificate-default-settings.md) +- [Set certificate default settings](set-certificate-default-settings.md) +- [Certificates administration action logging](certificates-administrative-action-logging.md) +- [SSL certificate management in central administration](ssl-certificate-management-in-central-administration.md) +- [New health analyzer rules for SSL certificates](new-health-analyzer-rules-for-ssl-certificates.md) +
SharePoint	View Certificate Default Settings	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/view-certificate-default-settings.md	+ + Title: "View certificate default settings" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports farm-wide default settings for certificate management by creating and renaming certificates." + + +# View certificate default settings ++ +SharePoint supports farm-wide default settings for certificate management. These include default properties for creating and renewing certificates and certificate health rule thresholds. + +Use the [Get-SPCertificateSettings](/powershell/module/sharepoint-server/get-spcertificatesettings) PowerShell cmdlet to view the certificate management default settings.
SharePoint	View Certificates	https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/public/SharePoint/SharePointServer/administration/view-certificates.md	+ + Title: "View certificates" ++++ Last updated : 06/20/2022 +audience: ITPro +f1.keywords: +- NOCSH + +ms.localizationpriority: medium + +ms.assetid: 88317397-e0cb-47c7-9093-7872bc685213 +description: "Learn how SharePoint supports finding the certificates." + + +# View certificates ++ +SharePoint supports finding certificates via the [Get-SPCertificate](/powershell/module/sharepoint-server/get-spcertificate) PowerShell cmdlet. Optional parameters are available to filter the results returned by this cmdlet. + +```powershell +Get-SPCertificate [-Identity] <SPServerCertificatePipeBind> +Get-SPCertificate [-DisplayName] <String> [-Thumbprint <String>] [-SerialNumber <String>] [-Store {EndEntity \| Intermediate \| Pending \| Root}] [-InUse] [-DaysToExpiration <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>] +``` + +The cmdlet parameters are: + +\|Parameter\|Description\| +\| \| \| +\|Identity\| Specifies the display name, thumbprint, serial number, or GUID of the certificate to find. If multiple certificates match the identity specified, no certificates will be returned. Use the filtering criteria of the optional parameters when multiple certificates would match.\| +\|DisplayName\| The display name of the certificate to find. Use this parameter instead of the Identity parameter if multiple certificates might match this criteria. The Identity parameter can only return a single certificate.\| +\|Thumbprint\| The thumbprint of the certificate to find, in the form "1234567890ABCDEF1234567890ABCDEF12345678".\| +\|SerialNumber\| The serial number of the certificate to find, in the form "1234567890ABCDEF1234567890ABCDEF"\| +\|Store (EndEntity / Intermediate / Pending / Root)\| Specifies the certificate store to search. If this parameter isn't specified, all certificate stores will be searched.\| +\|InUse\| Specify to only return certificates that are directly assigned to SharePoint objects (that is, currently in use).\| +\|DaysToExpiration \|If a positive number, only return certificates that will expire in the number of days from now specified by this parameter. Specify "-1" to only return certificates that have already expired. Specifying "0" will result in no filtering based on expiration date.\| + +The following are the examples of cmdlet syntax: + +```powershell +- Get-SPCertificate -FriendlyName "Contoso SharePoint (2020)" +- Get-SPCertificate -InUse -DaysToExpiration 30 +```