Solved

SBS 2008 - Code Signing Certificate Expiring

Posted on 2014-02-17
10
1,230 Views
Last Modified: 2014-05-27
We recently started getting EVENT 64's in our Event log.  Which, normally, I would point to being a problem with the self-issued certificate for the SBS sites or the Exchange certificate for SMTP.  But when I checked the certificates, I found that it is the "Code Signing" Certificate.  How can I Renew this?  Microsoft's documentation is confusing at best, and I am concerned that doing any of it on an SBS server could break it.  Any ideas on how to fix this?

Event Log: Application
Windows Event Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Windows Event ID: 64
Windows Event Level: Warning
Windows Event Message: Certificate for local system with Thumbprint bd 46 7f f9 79 e6 e6 69 3a 0d 02 de 9f 3d dd 0e 9b b4 22 18 is about to expire or already expired.

Also, attached is a screen shot of the certificate authority
CodeSigning.JPG
0
Comment
Question by:CoastalSlns
  • 6
  • 4
10 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39866144
That message is definitely because your SSL certificate is about to expire.

Since its self-signed, you just need to renew it by doing the following:

1. In the SBS Console, click on Network Tab > Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. On the General tab of the new window, it will show the dates that the self-signed certificate is valid.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed certificate.
4. Re-check the certificate properties to verify it is now valid for another couple of years
0
 

Author Comment

by:CoastalSlns
ID: 39867222
Jeff,

It's not the certificate for the remote web workplace, OWA, etc.  It's something completely different.  

I found a few other servers we manage have a similar certificate, and it looks like it was issued the day we installed Exchange 2007 SP3.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39868970
Please just run the Wizard in the SBS Console because that will take care of everything your server needs.

Jeff
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:CoastalSlns
ID: 39877970
That does not work.  I have tried running the wizard in the SBS Console, the code signing cert still shows as expiring soon.

I am not sure this certificate is even needed, however, it is interesting that it appeared the same day we installed Exchange 2007 SP3 on these servers.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880293
Ah... does it appear anymore?  Because it would be normal for that error to show during installation of Exchange 2007 SP3.

Jeff
0
 

Author Comment

by:CoastalSlns
ID: 39880572
The code signing certificate is listed a certificate on the server, which is generating the event listed above.  This same event is used to show when any certificate on the server is expiring, so, I monitor event logs for that alert to make sure none of the web services certificates are not expiring.

I think I'll try and delete it and see what happens.  Will report back.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880638
Actually -- I just now saw that the latest Rollup for Exchange 2007 SP3 has been re-released due to this specific problem:
http://exchangeserverpro.com/microsoft-re-releases-exchange-server-update-rollups-due-to-code-signing-issue/


Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880642
So, you'll want to be sure that gets reapplied:
http://www.microsoft.com/en-us/download/details.aspx?id=34959
0
 

Author Comment

by:CoastalSlns
ID: 39882491
Exchange 2007 SP3 latest update rollup is 12, which was applied to the server.  Additionally,  Update Rollup 8-v2 was applied to these servers back when it was released.  Update Rollup 8 was never installed.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39884966
So, I just looked at an SBS 2008 that I installed for a client a few years ago.  The CodeSigning Certificate was issued for a year, and expired on 1/13/2012.  

I've never had a problem with this server -- so I would say you can safely ignore the warning as SBS 2008 doesn't use that certificate.

Jeff
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Find out what you should include to make the best professional email signature for your organization.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video discusses moving either the default database or any database to a new volume.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question