Update: you actually *can* update the property (even if it’s not there). Seems I was just too blind to notice it earlier. Thanks to Michel De Rooij for pointing this out.
In one of my earlier articles, I wrote about how to integrate Office Web Apps with Exchange Server 2013. As part of that process you had to configure the Office Web Apps farm with the name of the certificate that the farm would use.
The certificate attribute that you have to use is stored in the “Friendly Name”-property of the certificate. Although it’s pretty easy using the MMC (duh!), it’s always nice being able to do something through PowerShell.
According to an article I found, certutil.exe could be used to add a Friendly Name to a certificate. Although CertUtil.exe certainly proved its value in the past, I’m not particularly fond of it either.
Unsurprisingly, the solutions with PowerShell is pretty easy! Using the Set-Location cmdlet, you can change your active namespace to the certificate store:
[sourcecode language=”PowerShell”]Set-Location cert:[/sourcecode]
From there, navigate to the location where the certificate you want to add (or change) the property for. For instance:
[sourcecode language=”PowerShell”]cd .\\LocalMachine\My[/sourcecode]
Using Get-ChildItem we can retrieve a list of all the certificates in the store:
[sourcecode language=”PowerShell”]Get-ChildItem[/sourcecode]
PS Cert:\CurrentUser\my> Get-ChildItem Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\my Thumbprint Subject ---------- ------- FEA21BCDB0FBFC2B00EBE4DA8A524D0C0999FBDC E=michael@vanhorenbeeck.be, CN=michael@vanhorenbeeck.be, Description=fgt8C... 100953EB6F74F5B60937BB0C7329037D9AE9927A CN=xowas.xylos.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA CN=outlook.linkedinlabs.com, O=DO_NOT_TRUST, OU=Created by http://www.fidd... 0224B3E25491F1A7F71D8367B147F41F3C1250D5 CN=www.google.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comOnce you’ve determined what certificate you want to update, we need to query the certificate and update the FriendlyName property as follows:
$cert = GCI
[sourcecode language=”PowerShell”]$cert.FriendlyName = “FriendlyName”[/sourcecode]
PS Cert:\CurrentUser\my> $cert = gci 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA PS Cert:\CurrentUser\my> $cert.FriendlyName = "FriendlyName"
That’s it! To verify that the property was set successfully, do the following:
[sourcecode language=”PowerShell”]gci
| fl name,FriendlyName[/sourcecode]
PS Cert:\CurrentUser\my> gci 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA | fl ThumbPrint,FriendlyName Thumbprint : 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA FriendlyName : FriendlyName
Currently if I do this and try to modify the FriendlyName property I get an exception Exception setting “FriendlyName”: “Access is denied.” how did you achieve this ?
Hi Krystan,
Did you run powershell with administrative rights?
Michael
Even though I am running Powershell with admin , I receive access denied error. There is not error number to look up.
—————————————————————————————-
Exception setting “FriendlyName”: “Access is denied.
”
At line:1 char:7
+ $cert. <<<< FriendlyName = 'Friendly'
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyAssignmentException
Hi Vineet,
have a look at the permissions of the certificate using the Certificate snapin on the MMC console.
I suspect that you’re not having the correct permissions i.e. none does the built-in Administrators group.
Michael
Excellent, worked great for me! This will definitely come in handy, as I also don’t care much for the certutil utility. Thanks for posting!
I’m glad you liked it!