So one of the fun things about setting up FAST for development is that when you set up a development environment you have the option of creating a self-signed certificate if you want to set up HTTPS communication between FAST and SharePoint – always a good idea if you are doing the same in production as you want to make sure that the SDLC farms match production as closely as possible. Unfortunately what this means is that you now have a cert that is valid for one year after installation. As with most environments, it seems as if the DEV and QA environments don’t always get as closely monitored as production, and when things go sideways in these environments you don’t always have all hands on deck helping you figure out what happened. Either that or you have to remember to up the cert every year… tedious for SDLC environments and often forgotten about when employees leave, or you have to have some sort of non-expiring certificate. We don’t have perpetual certificates, So how to keep your DEV and QA environments in a stable and low maintenance state? 100 year expirations on your certs!
If you are running FAST on Windows Server 2008 R2 here’s an easy solution to generating 100 year certs for your environments:
1) Open up C:\FASTSearch\installer\scripts\include\certificatesetup.ps1 and scroll down to line number 246 which reads:
Add-Content -Path $infFile -Value "SuppressDefaults=true"
2) Append the following lines underneath it:
Add-Content -Path $infFile -Value "ValidityPeriod=Years"
Add-Content -Path $infFile -Value "ValidityPeriodUnits=100"
3) save the file.
4) Then recreate your certificate with replacedefaultcertificate.ps1 as explained at TechNet. Remember to import it on your SharePoint 2010 server as well. If you apply this edit during installation of FAST for SharePoint you save yourself a step and now you have an environment that potentially will give you one less headache a year from now.