Udostępnij za pośrednictwem


Private key management for SSL certificates

APPLIES TO: no-img-132013 no-img-162016 no-img-192019 yes-img-seSubscription Edition no-img-sopSharePoint in Microsoft 365

To better support least privileges scenarios and minimize the permissions given to certificate private keys, SharePoint Server Subscription Edition Version 23H1 applies more granular and sophisticated permission management for these private keys. The permissions are based on the certificate assignments and are dynamically updated when the certificate assignments change.

For example, if a certificate is assigned to perform client certificate authentication to a Simple Mail Transfer Protocol (SMTP) server, SharePoint ensures that the process that’s connecting to the SMTP server has the necessary permissions to use the private key of that certificate. If a certificate is no longer assigned to perform client certificate authentication to an SMTP server, SharePoint removes permissions for that process so it no longer has access to the private key of that certificate.

The following API has been added Microsoft.SharePoint.Administration.CertificateManagement.SPServerCertificate class to allow third-party integration with this functionality.