Friday, January 14, 2011

Will your FAST Search Server for SharePoint work in a year?

That depends on what you are doing with your certificates. If you followed the installation instructions you are most likely using a self-signed certificate created during installation which is only valid for a year.
Fast forward one year from your installation date, and your users will start complaining for sure.

Your options are either to purchase a certificate from a certificate authority which have longer expirations, or create a self signed with an expiration date more than one year into the future. (If you are relying on https communication in your FS4SP environment you need to purchase a certificate, as self signed won’t work and you don’t have to read on.)

If you don’t want to fork out the money for a commercial certificate and want to forget about renewal, then here’s what you need to do.

Note: Only works on 2008R2, not 2008.

Open up C:\FASTSearch\installer\scripts\include\certificatesetup.ps1 and scroll down to line number 246 which reads:
Add-Content -Path $infFile -Value "SuppressDefaults=true"

Append the following lines underneath it:
Add-Content -Path $infFile -Value "ValidityPeriod=Years" 
Add-Content -Path $infFile -Value "ValidityPeriodUnits=100"

and save the file.

Then recreate your certificate with

replacedefaultcertificate.ps1 as explained at TechNet. And remember to import it on your SharePoint 2010 server as well.

If you apply this edit during installation of FAST for SharePoint you save yourself a step and possibly some sleep. Do the edit after the .exe install, and before you run the configuration wizard.