Update: you actually *can* update the property (even if it’s not there). Seems I was just too blind to notice it earlier. Thanks to Michel De Rooij for pointing this out.

In one of my earlier articles, I wrote about how to integrate Office Web Apps with Exchange Server 2013. As part of that process you had to configure the Office Web Apps farm with the name of the certificate that the farm would use.

The certificate attribute that you have to use is stored in the “Friendly Name”-property of the certificate. Although it’s pretty easy using the MMC (duh!), it’s always nice being able to do something through PowerShell.

According to an article I found, certutil.exe could be used to add a Friendly Name to a certificate. Although CertUtil.exe certainly proved its value in the past, I’m not particularly fond of it either.

Unsurprisingly, the solution with PowerShell is pretty easy! Using the Set-Location cmdlet, you can change your working location to the certificate store:

Set-Location cert:

From there, navigate to the store that holds the certificate whose property you want to add (or change). For instance:

cd .\LocalMachine\My

Using Get-ChildItem we can retrieve a list of all the certificates in the store:

PS Cert:\CurrentUser\my> Get-ChildItem

Directory: Microsoft.PowerShell.Security\Certificate::CurrentUser\my

Thumbprint Subject
---------- -------
FEA21BCDB0FBFC2B00EBE4DA8A524D0C0999FBDC E=michael@vanhorenbeeck.be, CN=michael@vanhorenbeeck.be, Description=fgt8C...
100953EB6F74F5B60937BB0C7329037D9AE9927A CN=xowas.xylos.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA CN=outlook.linkedinlabs.com, O=DO_NOT_TRUST, OU=Created by http://www.fidd...
0224B3E25491F1A7F71D8367B147F41F3C1250D5 CN=www.google.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com

Once you’ve determined which certificate you want to update, retrieve it by its thumbprint and set the FriendlyName property as follows:

$cert = gci <thumbprint>
$cert.FriendlyName = "FriendlyName"

For example:

PS Cert:\CurrentUser\my> $cert = gci 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA
PS Cert:\CurrentUser\my> $cert.FriendlyName = "FriendlyName"

That’s it! To verify that the property was set successfully, do the following:

gci <thumbprint> | fl Thumbprint,FriendlyName

PS Cert:\CurrentUser\my> gci 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA | fl ThumbPrint,FriendlyName

Thumbprint   : 070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA
FriendlyName : FriendlyName
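
The steps above can be wrapped in one function that works without changing location, reports the "Access is denied." failure clearly, and re-reads the certificate to confirm the change. This is an added example, not code from the original post; the function name Set-CertFriendlyName and the default store path are assumptions.

```powershell
# Added example. Set-CertFriendlyName is a hypothetical helper name.
function Set-CertFriendlyName {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{40}$')]   # SHA-1 thumbprint: 40 hex characters
        [string]$Thumbprint,

        [Parameter(Mandatory)]
        [string]$FriendlyName,

        # Assumed default; pass Cert:\CurrentUser\My for the per-user store
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    # Address the certificate directly instead of Set-Location + cd
    $path = Join-Path -Path $StorePath -ChildPath $Thumbprint
    if (-not (Test-Path -LiteralPath $path)) {
        throw "No certificate with thumbprint $Thumbprint found in $StorePath."
    }
    $cert = Get-Item -LiteralPath $path

    # -WhatIf shows which certificate (by subject) would be changed
    if ($PSCmdlet.ShouldProcess($cert.Subject, "Set FriendlyName to '$FriendlyName'")) {
        try {
            $cert.FriendlyName = $FriendlyName
        }
        catch {
            # The property setter fails here when the caller may not modify
            # the certificate (for example "Access is denied.")
            $msg = "Could not set FriendlyName on ${Thumbprint}: $($_.Exception.Message) " +
                   "Review the permissions on the certificate in the Certificates MMC snap-in."
            throw $msg
        }
    }

    # Re-read from the store so the output reflects what was actually persisted
    Get-Item -LiteralPath $path | Select-Object Thumbprint, Subject, FriendlyName
}

# Usage, with the thumbprint from the session above:
# Set-CertFriendlyName -Thumbprint '070D4C36B95D9550488F4A2DDCEAF76F5B6C7AAA' `
#     -FriendlyName 'FriendlyName' -StorePath 'Cert:\CurrentUser\My'
```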


  1. Currently, if I do this and try to modify the FriendlyName property, I get an exception: Exception setting "FriendlyName": "Access is denied." How did you achieve this?

  2. Even though I am running PowerShell with admin, I receive an access denied error. There is no error number to look up.
    Exception setting "FriendlyName": "Access is denied."

    At line:1 char:7
    + $cert. <<<< FriendlyName = 'Friendly'
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

    1. Hi Vineet,

      Have a look at the permissions of the certificate using the Certificates snap-in in the MMC console.
      I suspect that you don't have the correct permissions, i.e. neither does the built-in Administrators group.

