When you click Manage Trust link, you will land on the Trusts page. This page will give an option to the SharePoint administrator to manage the trust relationships for this Farm.
![SharePoint]()
Manage Trust page’s direct link: /_admin/ManageTrust.aspx
SharePoint has an ability to connect to other SharePoint Farms to consume the Service Applications or connect to Office Online Server or connect to the Workflow Manager Farm (dedicated Farm). For SharePoint to communicate to other Farms, we have to build a trust between the Farms. We need to exchange the certificates between the Farms to build a trust between the Farm.
We can build the trust (exchange the certificates) via Powershell as well as via Central Admin. SharePoint 2016 Central Admin gives us an option, where we can build the trust between the Farms by adding the certificate.
There are couple of situations, where have to build a trust.
- If you want to consume a shared Service from a publishing Farm, then we have to build the trust between publishing and consumer Farm.
- If we have a dedicated Workflow Manager Farm and use https for communication then we have to build Trust with Workflow Manager Farm.
- Similarly, if we have a OOS Farm then we have to build the trust relationship with that farm.
In Central Admin Manage Trust options, we can add a Root or STS certificate, edit a certificate or even delete a certificate.
To add a Root certificate for Trust
Please follow the steps given below to add a Root certificate for Trust.
- Login to Central Admin with an account member of Farm Administrator group and also local admin on the Server.
- Go to the Security > Manage Trust.
- On Trusts page, click Trust Relationships.
![SharePoint]()
- Click New button.
![SharePoint]()
- On this page, please enter the information given below.
- Enter the name of OOS-Trust.
- Give the path of the of OOS certificate.
- Click OK.
![SharePoint]()
- You will see a new certificate added to Trust of SharePoint.
![SharePoint]()
To edit a Root certificate
Please follow the steps given below to edit a Root certificate.
Note- Please keep in mind that we can’t edit a Security Token Service (STS) certificate from here, even if you try to edit it, it will give you some unexpected error.
- Login to Central Admin with account member of Farm Administrator group and also local admin on the Server.
- Go to the Security > Manage Trust.
- On Trusts page, click Trust Relationships.
![SharePoint]()
- You will see that an edit page is not enabled. Do the steps given below.
- Click the certificate, which you want to edit.
- Now, you will see an Edit button.
![SharePoint]()
- On this new pop up page, basically you will learn about the certificate and if you think this is not right, then you can replace the certificate with pointing it to new certificate. You will see the information given below.
- Certificate Friendly name.
- Certificate Expiration Date.
- Certificate Issuer.
- Certificate Issued to.
- Certificate Thumbprint.
- Root Authority Certificate.
If you want to replace the existing cert, then you have to give the path of the new certificate.
![SharePoint]()
To delete a Root certificate
Please follow the steps given below to add a Root certificate for Trust.
- Login to Central Admin with an account member of Farm administrator group and also local admin on the Server.
- Go to the Security > Manage Trust.
- On Trusts page, click Trust Relationships.
![SharePoint]()
- Again, Delete button is disabled. To enable please do following steps/
- Click Certificate which we want to delete. i.e. TeamSSL.
- Click Delete button from Ribbon.
![SharePoint]()
- A popup will appear, ask you to confirm “are you sure you want to delete the trust relationship TeamSSL”.
![SharePoint]()
- It will take couple of seconds and return to Trusts page. You will see TeamSSL certificate does not exist any more.
![SharePoint]()
This concludes Manage Trust article. In this article, we learned how to add a Root certificate, edit a Root certificate and delete a certificate, using SharePoint central admin.
Keep learning and enjoying SharePoint.