Ps
# GENERATE NEW CERT (RUN ONCE)
$thumbprint = “0FE10549F0278B6B9D14A4C43C72B716479FD41C”
# get existing cert
$existingCertificate = Get-Item -Path Cert:\LocalMachine\My\$thumbprint
# generate a new cert based on the existing one one
$newCertificate = New-SelfSignedCertificate -CloneCert $existingCertificate
# COPY NEW CERT TO TRUSTED ROOT CERT AUTHORITIES STORE
$thumbprint = “0FE10549F0278B6B9D14A4C43C72B716479FD41C”
# get existing cert
$certificate = Get-Item -Path Cert:\LocalMachine\My\$thumbprint
# generate temp password and path
$guid = [Guid]::NewGuid().ToString() | ConvertTo-SecureString -AsPlainText -Force
$path = [System.IO.Path]::GetTempFileName()
# export cert
$certificate | Export-PfxCertificate -FilePath $path -Password $guid
# import cert to Trusted Root Store
Import-PfxCertificate -FilePath $path -Exportable -Password $guid -CertStoreLocation Cert:\LocalMachine\Root
# delete temp cert
Remove-Item -Path $path -Force
# APPLY TO CERT TO SERVICE BUS
$thumbprint = “0FE10549F0278B6B9D14A4C43C72B716479FD41C”
Set-SBCertificate -FarmCertificateThumbprint $thumbprint -EncryptionCertificateThumbprint $thumbprint
Stop-SBFarm # RUN ONCE ON WFM SERVER
Update-SBHost # RUN ONCE ON ALL WFM SERVERS
Start-SBFarm # RUN ONCE ON WFM SERVER, THIS TAKES SEVERAL MINUTES TO RUN