Solved

SBS 2008 - Code Signing Certificate Expiring

Posted on 2014-02-17
10
1,277 Views
Last Modified: 2014-05-27
We recently started getting EVENT 64's in our Event log.  Which, normally, I would point to being a problem with the self-issued certificate for the SBS sites or the Exchange certificate for SMTP.  But when I checked the certificates, I found that it is the "Code Signing" Certificate.  How can I Renew this?  Microsoft's documentation is confusing at best, and I am concerned that doing any of it on an SBS server could break it.  Any ideas on how to fix this?

Event Log: Application
Windows Event Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Windows Event ID: 64
Windows Event Level: Warning
Windows Event Message: Certificate for local system with Thumbprint bd 46 7f f9 79 e6 e6 69 3a 0d 02 de 9f 3d dd 0e 9b b4 22 18 is about to expire or already expired.

Also, attached is a screen shot of the certificate authority
CodeSigning.JPG
0
Comment
Question by:CoastalSlns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39866144
That message is definitely because your SSL certificate is about to expire.

Since its self-signed, you just need to renew it by doing the following:

1. In the SBS Console, click on Network Tab > Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. On the General tab of the new window, it will show the dates that the self-signed certificate is valid.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed certificate.
4. Re-check the certificate properties to verify it is now valid for another couple of years
0
 

Author Comment

by:CoastalSlns
ID: 39867222
Jeff,

It's not the certificate for the remote web workplace, OWA, etc.  It's something completely different.  

I found a few other servers we manage have a similar certificate, and it looks like it was issued the day we installed Exchange 2007 SP3.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39868970
Please just run the Wizard in the SBS Console because that will take care of everything your server needs.

Jeff
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:CoastalSlns
ID: 39877970
That does not work.  I have tried running the wizard in the SBS Console, the code signing cert still shows as expiring soon.

I am not sure this certificate is even needed, however, it is interesting that it appeared the same day we installed Exchange 2007 SP3 on these servers.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880293
Ah... does it appear anymore?  Because it would be normal for that error to show during installation of Exchange 2007 SP3.

Jeff
0
 

Author Comment

by:CoastalSlns
ID: 39880572
The code signing certificate is listed a certificate on the server, which is generating the event listed above.  This same event is used to show when any certificate on the server is expiring, so, I monitor event logs for that alert to make sure none of the web services certificates are not expiring.

I think I'll try and delete it and see what happens.  Will report back.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880638
Actually -- I just now saw that the latest Rollup for Exchange 2007 SP3 has been re-released due to this specific problem:
http://exchangeserverpro.com/microsoft-re-releases-exchange-server-update-rollups-due-to-code-signing-issue/


Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880642
So, you'll want to be sure that gets reapplied:
http://www.microsoft.com/en-us/download/details.aspx?id=34959
0
 

Author Comment

by:CoastalSlns
ID: 39882491
Exchange 2007 SP3 latest update rollup is 12, which was applied to the server.  Additionally,  Update Rollup 8-v2 was applied to these servers back when it was released.  Update Rollup 8 was never installed.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39884966
So, I just looked at an SBS 2008 that I installed for a client a few years ago.  The CodeSigning Certificate was issued for a year, and expired on 1/13/2012.  

I've never had a problem with this server -- so I would say you can safely ignore the warning as SBS 2008 doesn't use that certificate.

Jeff
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question