Renew Deleted Expired Certificate For Windows Service Bus


Renewing an expired certificate for a Windows Service Bus is quite simple, and the process is documented on MSDN.

1. Run Stop-SBFarm on one of the nodes in the farm.
2. Install the new certificate on all Service Bus machines.
3. Run Set-SBCertificate -FarmCertificateThumbprint <thumbprint of the new farm certificate> -SkipKeyReEncryption
4. Run the Update-SBHost cmdlet on all farm nodes.
5. Run Set-SBNamespace -Name <namespace> -PrimarySymmetricKey <service namespace key>
6. Call the Start-SBFarm cmdlet on one of the farm nodes.

However, if the expired certificate has been deleted, you will run into issues running any command against the Service Bus.

You will most likely receive the following error:

Certificate requested with thumbprint not found in the certificate store


I have seen various methods to resolve this by editing the registry and removing entries from SQL, or by re-implementing your Service Bus, but a cleaner method is to simply restore your expired certificate so it can be renewed.

1. Log on to your certificate authority.
2. Find the issued certificate request by filtering on the Certificate Hash field and entering the thumbprint of the expired certificate. (Note: the thumbprint format uses spaces.)
3. Select the certificate, export it as binary and save it with the .cer file extension.
4. Copy the .cer file to your Service Bus server.
5. Import the certificate to the local store.
6. Open the certificate store and view the properties of the imported certificate. Select the Details tab and note down the serial number.
7. Open a command prompt as administrator and run the following: certutil -repairstore my "serialnumber"
8. Open PowerShell as administrator and run the following: Get-SBFarm
9. Run the following: Start-SBFarm
10. You can now follow the procedure to renew an expired certificate.
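
The restore steps above can be scripted so that each check is explicit. The following is an added example, not code from the original post; the parameter names, the LocalMachine\My store location and the lowercase space-separated form of the CA filter value are assumptions.

```powershell
# Added example: restore a deleted farm certificate from a CA export and re-link its key.
# Run in an elevated PowerShell session on the Service Bus server.
param(
    [Parameter(Mandatory)] [string] $CerPath,            # .cer file exported from the CA (step 3)
    [Parameter(Mandatory)] [string] $ExpectedThumbprint  # thumbprint named in the Service Bus error
)

# Normalise the thumbprint: drop spaces and invisible characters copied from dialogs.
$thumb = ($ExpectedThumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($thumb.Length) digits."
}

# Space-separated form to paste into the CA's Certificate Hash filter (step 2).
$caFilter = (($thumb -split '(..)' | Where-Object { $_ }) -join ' ').ToLowerInvariant()
Write-Host "CA filter value: $caFilter"

# Inspect the exported file first: it must be the certificate the farm is asking for.
$path = (Resolve-Path $CerPath).Path
$fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
if ($fileCert.Thumbprint -ne $thumb) {
    throw "File thumbprint $($fileCert.Thumbprint) does not match $thumb."
}

# Step 5: import into the machine's Personal store unless it is already there.
$store = 'Cert:\LocalMachine\My'   # assumed to be the "local store" the post refers to
if (-not (Test-Path "$store\$thumb")) {
    Import-Certificate -FilePath $path -CertStoreLocation $store | Out-Null
}

# Steps 6-7: re-associate the certificate with the private key still on this machine.
$serial = $fileCert.SerialNumber
certutil -repairstore my $serial
if ($LASTEXITCODE -ne 0) {
    throw "certutil -repairstore failed with exit code $LASTEXITCODE."
}

# Do not rely on certutil's message alone: confirm the key is actually linked.
$restored = Get-Item "$store\$thumb"
if (-not $restored.HasPrivateKey) {
    throw "Certificate is in the store but has no private key on this machine."
}
"{0} restored (expired {1:u}), private key present" -f $restored.Thumbprint, $restored.NotAfter
```

The .cer export contains only the public certificate, so the repair can succeed only on a machine that still holds the original private key.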

7 thoughts on “Renew Deleted Expired Certificate For Windows Service Bus”

  1. Not sure about this – the cert expires and you are basically toast. None of the Service Bus cmdlets function and the services stop and won’t start.

    1. Could you please on the detailed steps of renewing the service bus certificate? For my case also, cmdlets are not working.
      Please help me with the steps of getting the new certificate also.

  2. I was really not optimistic about that solution, but it worked. I was able to restart the bus service and run the PowerShell command to change the certificate thumbprint to the new certificate.

    Thanks.

  3. This hasn’t worked for us. The expired certificate still exists. I ran the repair "certutil -repairstore my "serialnumber"", which said it succeeded, but no difference.

  4. If your certificate expired, you can roll back the server time; after that, the Service Bus cmdlets will work and you can register a new certificate.

  5. When I changed my certificate it worked. But my problem is, for the old service bus I had a few topics and subscriptions created, but after changing to the new certificate those topics are not visible.
    Note: The old certificate was auto-generated but the new certificate is a custom one. Is there anything I need to do for this case?
