Menu
-->APPLIES TO: 2013 2016 2019 SharePoint Online ![Workflow manager certificate generation key is missing Workflow manager certificate generation key is missing](/uploads/1/2/6/0/126088143/628195632.png)
![Workflow manager certificate generation key unlock Workflow manager certificate generation key unlock](https://social.msdn.microsoft.com/Forums/getfile/562872)
- Workflow Manager Certificate Generation Key Unlock
- Forgot Certificate Generation Key Workflow Manager
- Workflow Manager Certificate Generation Key Unlock
- Reset Certificate Generation Key For Workflow Manager
Workflow Manager Certificate Generation Key Unlock
Mar 25, 2019 On workflow manager server go and open IIS and navigate to the server name then server certificates. From action pane, select create certificate request. Put the common name FQDN server, save file as.csr. Go to your certificate authority and share with them this request to give you the certificate. Leave Configure Certificates to Auto-Generate Use SP2013 as the ‘Certificate Generate Key’ use a secure key instead of words ‘SP2013’ in production Configure Ports Workflow Manager Management Port: 12290; HTTP Port: 12291; Check the box “Allow Workflow management over. If you want to use the same certificate generation key which you provide for Workflow Management Farm in the previous window, you can select the check box “Use the same certificate generation key as provided for Workflow Manager”. Configure required ports for communication. Enable firewall rules and provide Admin group.
In 'Certificate Generation Key' section, provide the Key (which is very important in case you want to join another Server on this Farm). In 'Configure Ports' section, provide the Http and https Port. If you want to use the custom ports, then provide that here but as per.
Forgot Certificate Generation Key Workflow Manager
Secure Socket Layer (SSL) is an encrypted communication protocol which uses encryption certificates. Workflow Manager and SharePoint Server can communicate in a secure manor using SSL. This article describes the steps required to setup and configure SSL certificates.
Configuration steps
![Workflow manager certificate generation key is missing Workflow manager certificate generation key is missing](/uploads/1/2/6/0/126088143/628195632.png)
The following sections provide instructions for configuring SSL communication with Workflow Manager and SharePoint Server.
Enable SSL
Enable Secure Sockets Layer (SSL) in IIS Manager. For guidance on completing the configuration, see the following:
Install Workflow Manager certificates in SharePoint
Under some circumstances, you must obtain and install Workflow Manager 'issuer' certificates on SharePoint Server. Here are the circumstances where you must install Workflow Manager certificates:
- If SSL is enabled either on SharePoint Server (which is not the default) or on Workflow Manager (which is the default), AND
- If SharePoint Server and Workflow Manager do not share a Certificate Authority, AND
- If Workflow Manager is configured to generate self-signed certificates (which is the default).
Note
Product trial, workflow development, and troubleshooting are easier if SSL is not enabled. However, communication between SharePoint Server and Workflow Manager is not encrypted if SSL is not enabled. For this reason, SSL should be enabled for production configurations.
To obtain and export certificates from the Workflow Manager server
- On a computer that has Workflow Manager installed, choose IIS Manager, Sites. Right-click Workflow Management Site, and then choose Edit Bindings.
- Choose the https port, and then choose Edit. Choose the View button in the SSL Certificate section.
- To export the issuer certificate, do the following:
- In the Certificate window, choose the Certification path tab.
- Select root certification path and choose View.
- On the Details tab, choose Export Certificate, and take the default options in the export wizard.
- Give the exported certificate file a friendly name.
To install certificates on SharePoint Server
- Copy the issuer certificate to your SharePoint Server computer.
- Add the certificates to the Windows Certificate store.
- For each certificate, do the following:
- Double-click the file to open and view the certificate.
- On the certificate, choose the Install Certificate button to start the installation wizard.
- In the wizard, choose Place all certificates in the following store, and then choose Trusted Root Certification Authorities.
- Add the certificates to SharePoint Server by going to the SharePoint Management shell and running the New-SPTrustedRootAuthority cmdlet. Do this for each certificate file.
We might face a scenario of removing a node from existing workflow manager(WFM) farm and add it back during troubleshooting with WFM farm or Service Bus(SB) farm.
In those scenarios, we might lose/forget the Certificate Generation key which is mandatory to be entered while we select the option of 'Join to an Existing Workflow Manager Farm'. We have also seen engineers rebuilding the farm considering this as a road blocker to join the node back to existing farm.
We need to reset this Certificate Generation Key for WFM and SB separately following below steps.
Workflow Manager Certificate Generation Key Unlock
Reset Certificate Generation Key for WFM using WFM PowerShell:
Note: 'WFM$amplepwd1' is the new key we are going to set.
$CertKey=convertto-securestring 'WFM$amplepwd1' -asplaintext -force
Set-WFCertificateAutoGenerationKey -WFFarmDBConnectionString 'Data Source=lmc-vsqlp06;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False' -key $CertKey -Verbose
-Update SB CertificateAutoGenerationKey
$mycert=ConvertTo-SecureString -string LMCSharepointProd1 -force -AsPlainText
Set-SBCertificateAutogenerationKey -SBFarmDBConnectionString 'Data Source=lmc-vsqlp06;Initial Catalog=SBManagementDB;Integrated Security=True;Encrypt=False' -key $mycert -Verbose
-Now provide the new Certificate Generation Key (WFM$amplepwd1 in our case) in WFM configuration wizard (and SB configuration wizard) which should accept your new key
-All services started running. To apply the changes, we ran 3 more commands
Stop-Sbfarm
Update-SBfarm
Start-SBfarm
Reset Certificate Generation Key For Workflow Manager
Written By
Sandeepkumar Pasumarthy
Microsoft GTSC
Sandeepkumar Pasumarthy
Microsoft GTSC