Table of Contents
Let’s Encrypt and WAC.
In my previous post I wrote about installing Let’s encrypt certificates on Windows. I gave the example that you can use a Let’s encrypt certificate for the Windows Admin Center.
In this blog post I will also show you how to use Let’s Encrypt for WAC.
During the installation you will be asked for the thumbprint. Unfortunately this is not a select option.
In the tutorial below, I explain how to get the correct thumbprint and how to use it in the Windows Admin Center.
I installed the Windows Admin Center on the management server in my Developer tenant. This is the same server used in the previous post.
Finding the correct thumbprint for WAC.
Let’s start by getting the certificate correct thumbprint.
Go to start and search for PowerShell_ISE.
Or press CTRL + R at the same time and type in PowerShell_ISE.
Copy / paste the cmdlet below to PowerShell_ISE.
$c = "Windows Admin Center Encryption"
Get-ChildItem -path cert:\LocalMachine\My | where {$_.Subject -like "*$c*"} | select subject,thumbprint
Change $c to the subject of your certificate. Usually this is the domain name itself. You could also use a part of the subject because the cmdlet uses a wildcard.
This shows the following certificate thumbprint for me:
1374EDF24566178587606A8A68A6D5756B8919FF
Make sure you always leave the first and the last 2 characters and copy the rest.
Type in the first 2 characters and paste the rest, and then type the last 2 characters in the Windows Admin Center option “Provide the thumbprint for the gateway SSL certificate“.
This prevents you from copying a space!
Continue with the WAC installation. My screenshot shows Change because I already installed Windows Admin Center with a Self Signed Certificate.
If you now open the domain where your WAC is installed, you will see that the website is secured.
When we request the certificate we see that it is a Let’s Encrypt certificate and we can now verify that the installation of a Let’s Encrypt certificate on Windows Admin Center has been successful.
Recap
If you have any questions about this, or using Let’s Encrypt for different applications or Windows roles, please let me know in the comments.
A little extra
This post contains PowerShell. Would you like to learn the basics better? I have created a new website to learn basic PowerShell in an ’emulator’ environment.
Click here to go learn Basic PowerShell.
This post is like a food recipe that provides most of the ingredients but leaves a few out and doesn’t bother to provide the instructions.
There is no mention here that Let’s Encrypt certificates are very short lived and that you will need to repeat this manual process every time the Let’s Encrypt certificate is renewed.