Workflow manager certificate and service bus certificate renewal process

Note: This Article is created based on the experience in recent MI, Microsoft has clearly stated this process has to be done by approaching Microsoft. Please log MS ticket before doing this activity. below steps are supposed to be performed with Microsoft on the call.

Step1 : Workflow manager certificate and service bus certificate have both expired.

Workflow services will be automatically stopped once workflow manger certificate expires.

Step 2:

clock should be turned back to a time when the cert is still available, and run the commands on workflow manger server

 

# Check SB and WFM status

Get-sbfarm

Get-sbfarmstatus

Get-wffarm

Get-wffarmstatus

 

The actions we have taken:

1. Backup all WFM and Service Bus Databases. Take WFM server’s VM snapshot too.

 

2. Make sure that the clock is turned back to a time when the cert is still available.

 

3. Run some commands to generate new certificates.

$CertKey=convertto-securestring "YourSecretPassword" -asplaintext -force

Set-WFCertificateAutoGenerationKey -Key $CertKey

Set-SBCertificateAutogenerationKey -Key $CertKey 

 

4. Open MMC to import certificates to 'Trusted Root Certificate Authorities' -> 'Certificate'.

 

5. Run some commands:

Stop-WFHost

Stop-SBFarm

Update-SBHost

Start-SBFarm

 

# Check SB status after start

Get-SBFarm

Get-SBFarmStatus

 

# Complete the WFM configuration to update nodes

Stop-WFHost

Update-WFHost -CertificateAutoGenerationKey $CertKey   

Start-WFHost

 

# Check WFM status after start

Get-WFFarm

Get-WFFarmStatus

 

6. Change the system time back to the current time. Restart the server.

Status:

Workflow manager certificate expired issue has been resolved. Run commands again.

 

# Check SB status

Get-sbfarm

Get-sbfarmstatus

# Check WFM status

Get-wffarm

Get-wffarmstatus

Passed WFMQuickTest.