Long Display Name

I’m having an issue with a service (SharePoint SE) that is having trouble importing the certificate I generate through CtW because the Name property is too long. After generation of the certificates I’ve requested, I get a Name on all of them of [FQDN] [Certify] [StartDate] to [ExpirationDate] [SerialNumber]. When I use PowerShell to try importing the certificate into SharePoint SE as the nonce certificate, I get an error of “The name Provisioning Certificate [FQDN] [Certify] [StartDate] to [ExpirationDate] [SerialNumber] is too long. Please specify a name with 128 or fewer characters. Parameter name: Name”

I’d like to create the certificate where the Name, DisplayName, and FriendlyName are all [FQDN] without all of the extraneous fluff. I’ve gone through the exercise of adding a Deployment Task to change the FriendlyName to [FQDN], but the Name and DisplayName are still the much longer versions and still generate the error.

Interesting to note that [FQDN] [Certify] [StartDate] to [ExpirationDate] [SerialNumber] comes out to 112 characters, but the PowerShell command adds "Provisioning Certificate " to kick it up over the 128-character limit.

The PowerShell commands I’m running are:
$nonceCert = Get-SPCertificate -DisplayName "SeeAbove"
$farm = Get-SPFarm
$farm.UpdateNonceCertificate($nonceCert,$true)

Any assistance is greatly appreciated as I’m tired of banging my head against this wall.

We don’t append a serial to the FriendlyName, but maybe SharePoint does.

Here’s an example script that renames a cert:

Note that if you do rename a cert in the machine that’s running Certify you also won’t get the expired cert cleanup (which is why this script deletes the old one). If you keep [Certify] in the name it will be included in the automated cleanup based on expiry.

Oh, I forgot: we also have a deployment task called Deploy to Certificate Store, which is rarely useful, but it does let you set a custom friendly name.

I’d still include [Certify] at the start of the name so you get the cleanup, and under Deployment in the app set the normal deployment mode to No Store to avoid the automated store happening as well.

Like I mentioned in the original question, I’ve already been through the steps of changing the FriendlyName and SharePoint just doesn’t care. It doesn’t look at that value for importing the certificate using the method I outlined for setting it as a nonce cert for use in an OIDC connection. From what I’ve found from various searches, there’s no way to get CtW to not append the date information to the DisplayName on the certificate. If that’s the case, I need to look at an alternate solution.

FriendlyName is the only attribute we set. I have no idea where “Display Name” comes from, but it’s not our app and that’s not a PFX attribute. Yep, probably best to seek an alternative solution.

I assume this PowerShell Module Browser - PowerShell | Microsoft Learn is not what you need as presumably you can’t get that far if you can’t import it first.