asked on

SBS 2008 - Code Signing Certificate Expiring

We recently started getting EVENT 64's in our Event log. Which, normally, I would point to being a problem with the self-issued certificate for the SBS sites or the Exchange certificate for SMTP. But when I checked the certificates, I found that it is the "Code Signing" Certificate. How can I Renew this? Microsoft's documentation is confusing at best, and I am concerned that doing any of it on an SBS server could break it. Any ideas on how to fix this?

Event Log: Application
Windows Event Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Windows Event ID: 64
Windows Event Level: Warning
Windows Event Message: Certificate for local system with Thumbprint bd 46 7f f9 79 e6 e6 69 3a 0d 02 de 9f 3d dd 0e 9b b4 22 18 is about to expire or already expired.

Also, attached is a screen shot of the certificate authority
CodeSigning.JPG

Jeffrey Kane - TechSoEasy

That message is definitely because your SSL certificate is about to expire.

Since its self-signed, you just need to renew it by doing the following:

1. In the SBS Console, click on Network Tab > Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. On the General tab of the new window, it will show the dates that the self-signed certificate is valid.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed certificate.
4. Re-check the certificate properties to verify it is now valid for another couple of years

CoastalSlns

ASKER

Jeff,

It's not the certificate for the remote web workplace, OWA, etc. It's something completely different.

I found a few other servers we manage have a similar certificate, and it looks like it was issued the day we installed Exchange 2007 SP3.

Jeffrey Kane - TechSoEasy

Please just run the Wizard in the SBS Console because that will take care of everything your server needs.

Jeff

CoastalSlns

ASKER

That does not work. I have tried running the wizard in the SBS Console, the code signing cert still shows as expiring soon.

I am not sure this certificate is even needed, however, it is interesting that it appeared the same day we installed Exchange 2007 SP3 on these servers.

Jeffrey Kane - TechSoEasy

Ah... does it appear anymore? Because it would be normal for that error to show during installation of Exchange 2007 SP3.

Jeff

CoastalSlns

ASKER

The code signing certificate is listed a certificate on the server, which is generating the event listed above. This same event is used to show when any certificate on the server is expiring, so, I monitor event logs for that alert to make sure none of the web services certificates are not expiring.

I think I'll try and delete it and see what happens. Will report back.

Jeffrey Kane - TechSoEasy

Actually -- I just now saw that the latest Rollup for Exchange 2007 SP3 has been re-released due to this specific problem:
http://exchangeserverpro.com/microsoft-re-releases-exchange-server-update-rollups-due-to-code-signing-issue/

Jeff

Jeffrey Kane - TechSoEasy

So, you'll want to be sure that gets reapplied:
http://www.microsoft.com/en-us/download/details.aspx?id=34959

CoastalSlns

ASKER

Exchange 2007 SP3 latest update rollup is 12, which was applied to the server. Additionally, Update Rollup 8-v2 was applied to these servers back when it was released. Update Rollup 8 was never installed.

ASKER CERTIFIED SOLUTION

Jeffrey Kane - TechSoEasy

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial