IIS WMSvc Automated Certificate Management

I’ve added a new script to my GitHub PowerShell repository for managing the IIS WMSvc certificate. The script, WMSvc_InstallCertificate.ps1, is intended to be run either by scheduled task or from the command line, and it attempts to detect when the Web Management Service (WMSvc) certificate needs to be replaced. Replacement certificates are sourced from an Enterprise Certificate Authority automatically. The IIS machine account must have privileges to enroll.

In my lab, this script is tied to a scheduled task that is automatically created by group policy on servers attached to the IIS role security group. This same security group is also granted enroll privileges on the certificate template. In effect, new servers created will automatically receive a trusted certificate for their management port and that certificate is rotated automatically before expiration.

Since my lab IIS installations run on Server Core, it is quite convenient to have the remote management service configured automatically.
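The following sketch is an added example, not the code of WMSvc_InstallCertificate.ps1. It shows one way to decide whether the certificate WMSvc is using needs replacement, and to request a new one with the built-in `Get-Certificate` cmdlet. The 30-day window, the template name placeholder, the `-Enroll` switch and the function name are assumptions.

```powershell
# Added example, not WMSvc_InstallCertificate.ps1 itself.
param(
    [int]$RenewDays = 30,                               # assumed renewal window
    [string]$TemplateName = 'PLACEHOLDER-TemplateName', # hypothetical template name
    [switch]$Enroll                                     # hypothetical switch
)

function Get-CertificateReplacementReason {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$RenewDays,
        [datetime]$Now = (Get-Date)
    )
    # Return a short reason string, or $null when the certificate can stay.
    if ($null -eq $Certificate)                             { return 'Missing' }
    if (-not $Certificate.HasPrivateKey)                    { return 'NoPrivateKey' }
    if ($Certificate.Subject -eq $Certificate.Issuer)       { return 'SelfSigned' }
    if ($Certificate.NotBefore -gt $Now)                    { return 'NotYetValid' }
    if ($Certificate.NotAfter -lt $Now.AddDays($RenewDays)) { return 'ExpiresSoon' }
    return $null
}

# WMSvc records the thumbprint of its certificate as a byte array here.
$key   = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
$bytes = (Get-ItemProperty -Path $key -Name SslCertificateHash -ErrorAction SilentlyContinue).SslCertificateHash
$thumbprint = if ($bytes) { -join ($bytes | ForEach-Object { $_.ToString('X2') }) }
$current = if ($thumbprint) { Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction SilentlyContinue }

$reason = Get-CertificateReplacementReason -Certificate $current -RenewDays $RenewDays
if (-not $reason) {
    Write-Output "WMSvc certificate $thumbprint is valid until $($current.NotAfter); nothing to do."
    return
}
Write-Output "WMSvc certificate needs replacement: $reason"

if ($Enroll) {
    # Assumption: the task runs as SYSTEM, so the machine account makes the request.
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $request = Get-Certificate -Template $TemplateName -SubjectName "CN=$fqdn" `
        -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My
    Write-Output "Enrollment status: $($request.Status); new thumbprint: $($request.Certificate.Thumbprint)"
}
```

The newly enrolled certificate still has to be bound to the management port and the service restarted before clients see it.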

VMware vRealize Operations Manager Returns Keyfile is not Valid when Updating a Certificate

VMware vRealize Operations Manager 6.6.1 may return an error stating “Keyfile is not valid” when attempting to install a new SSL certificate. The appliance does not properly convert timezone data on the “valid from” attribute of a certificate and may believe the certificate is outside its validity period.

The solution was to try again the following day.