0

Change Certificate Friendly Name To Unique Value

Imagine that you have two certificates installed, but for whatever reason the same friendly name was used for both of them.  You can certainly identity each of them by comparing the valid from/valid to dates or the thumbprint.  That adds just a little extra overhead that you may not want to deal with.

As an alternative, you can modify the friendly name  to a more suitable value.  This allows you to easily distinguish each certificate.

This post uses Exchange server as example, but will be applicable to many more scenarios.

In the below screenshot, you can see that there are two certificates installed called “Tailspin Wildcard”.    Each has a different expiration date, but maybe we want to update the name so that the differences are more apparent.

Multiple Certificates Installed With The Same Friendly Name

Since web server certificates are typically valid for 1 year, you have probably already guessed that these are the  *.tailspintoys.org certs issued in 2020 and 2021.

If we view the properties of the cert using the EAC, note that these properties are all read only.  All that we can really change is the Exchange bindings, and that is separate on the services tab.  The binding is only assigning the certificate to a particular Exchange service, it still does not allow us to change the certificate’s friendly name.

View Certificate Properties in Exchange Admin Center

The same is also true in Exchange Management Shell, while we can see the certificate and associated properties there is no native Exchange mechanism to modify the properties such as the friendly name.

Let’s obtain the thumbprint for each certificate, as we will need that to be able to update its properties.   You can do this as shown above using EAC, or using PowerShell as shown below.

In the example below, we note that the *.Tailspintoys.org certificate with thumbprint 34B18F6F914747FE8D2FC930CEDD03D40D190DA3 expires in 2021.  The other *.Tailspintoys.org certificate expires in 2022.

View Certificate Properties in Exchange Management Shell

Let’s note those details as we need them for the next stage.

Updating Friendly Name

Now that we have the thumbprint for each of the two certs that we want to modify, let’s head over to Windows PowerShell to make the changes.  This could have been done inside the Exchange Management Shell, but the point is to illustrate that we need to do this change in Windows PowerShell as Exchange cmdlets do not provide this functionality.

 

As noted in this post, we need to get a reference to the certificate we wish to change and then update the FriendlyName property.

The steps are shown twice as we will set a unique value for both certificates to help reduce confusion.  This is why there is a reference to $Certificate2021 and also $Certificate2022.

Updating Certificate Friendly Name Using Windows PowerShell

Set-LocationCert:\LocalMachine\MY
$Certificate2021 = Get-Item 34B18F6F914747FE8D2FC930CEDD03D40D190DA3
$Certificate2021.FriendlyName = "Tailspin Wildcard 2021"

   

$Certificate2022 = Get-Item 3FA29CA568B159CC7E40031C8C63F438B2122E95
$Certificate2022.FriendlyName = "Tailspin Wildcard 2022"
Get-ChildItem | Select Friendlyname, Thumbprint | Sort-Object FriendlyName

End Result

Now that we have updated the friendly name using Windows PowerShell, we can refresh the Exchange Admin Centre and see that the updated values are visible.

Exchange Admin Center Showing Unique Friendly Names

 

As a parting thought, you may also want to update other servers as the certificate could be installed on additional machines.

 

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *