Description

The procedure described in http://technet.microsoft.com/en-us/library/ee704552.aspx is quite tedious and requires a lot of manual steps. This script automates 95% of the process, assuming that the user running the script on each of the two farms has access to the c$ admin share on the other farm.

Script

PowerShell
# Contributors: Thomas Svensen
 
Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue 


$consuming="www.searchfarm.local"
$publishing="www.intranet.local"

Write-Host publishing is $publishing
Write-Host Consuming is $consuming

$hostType = Read-Host "Now running this script on Consuming (c) or publishing (p) farm?"

if (!($hostType -eq "c") -and !($hostType -eq "p")) {
    Write-Host "Choose 'c' or 'p' please"
    Exit 1
}

###
# On Consuming farm
###

if ($hostType -eq "c") 
{
    # Copy root cert. from "consuming" to "publishing"
    ((Get-SPCertificateAuthority).RootCertificate).Export("Cert") | Set-Content \\$publishing\c$\SP-root-cert-$consuming.cer -Encoding byte

    # Copy STS cert. from "consuming" to "publishing"
    ((Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate).Export("Cert") | Set-Content \\$publishing\c$\SP-STS-$consuming.cer -Encoding byte

    Read-Host "Has the script been run on the publishing farm yet, so that the certificates are available locally?"

    # Import root cert. from "publishing"
    New-SPTrustedRootAuthority $publishing -Certificate (Get-PfxCertificate C:\SP-root-cert-$publishing.cer)
}


###
# On publishing farm
###

if ($hostType -eq "p") 
{
    # Copy root cert. from "publishing" to "consuming"
    ((Get-SPCertificateAuthority).RootCertificate).Export("Cert") | Set-Content \\$consuming\c$\SP-root-cert-$publishing.cer -Encoding byte

    Read-Host "Has the script been run on the Consuming farm yet, so that the certificates are available locally?"


    # Import root cert. from "consuming"
    New-SPTrustedRootAuthority $consuming -Certificate (Get-PfxCertificate C:\SP-root-cert-$consuming.cer)


    # Import STS cert. from "consuming"
    New-SPTrustedServiceTokenIssuer $consuming -Certificate (Get-PfxCertificate C:\SP-STS-$consuming.cer)

}
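
The script imports whatever .cer file is present in the root of C: on the local farm, so the trust decision rests entirely on who can write to the c$ share. One way to check a received file against a thumbprint obtained out of band before importing it, shown here for the consuming farm (added example, not part of the original script; the function name, its parameters and the thumbprint placeholder are assumptions):

```powershell
# Added example, not from the original script. Test-ReceivedCertificate and its
# parameters are hypothetical names; the expected thumbprint is a placeholder
# that must come from the other farm's administrator over a separate channel.
function Test-ReceivedCertificate {
    param(
        [Parameter(Mandatory=$true)] [string] $Path,
        [Parameter(Mandatory=$true)] [string] $ExpectedThumbprint
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Certificate file not found: $Path"
    }

    $cert = Get-PfxCertificate -FilePath $Path

    # Thumbprints copied from a certificate dialog often carry spaces or
    # invisible characters; keep hex digits only before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) {
        throw "Expected thumbprint is not a 40-digit SHA-1 hex string"
    }
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch for ${Path}: got $($cert.Thumbprint)"
    }

    # Refuse certificates that are not yet valid or already expired.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in $Path is outside its validity period"
    }
    return $cert
}

# On the consuming farm, in place of the direct import of the publishing root cert.
$publishing   = "www.intranet.local"
$expectedRoot = "<THUMBPRINT-FROM-PUBLISHING-FARM-ADMIN>"   # placeholder, fails closed if left as is
$rootCert = Test-ReceivedCertificate -Path "C:\SP-root-cert-$publishing.cer" -ExpectedThumbprint $expectedRoot
New-SPTrustedRootAuthority $publishing -Certificate $rootCert
```

The administrator of the publishing farm can read the value to compare against with `(Get-SPCertificateAuthority).RootCertificate.Thumbprint`. The same check applies on the publishing farm to the root and STS certificates before `New-SPTrustedRootAuthority` and `New-SPTrustedServiceTokenIssuer`.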