Certificate Expired

Author
jmiller120
New Member
  • Total Posts : 14
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/04/15 11:48:18
  • Status: offline
2008/12/08 20:25:46 (permalink)
0

Certificate Expired

I am running SCCM in native mode, and my certificate expired.  Has anyone run into this?  The error message is:
The site server signing certificate has expired 10 day(s) ago. Please replace/renew the certificate. The Policies at this Site will be re-signed by the Site Server using the new signing certificate.
 
What is the best way to handle this?
#1

6 Replies Related Threads

    mhudson
    Expert Member
    • Total Posts : 794
    • Scores: 33
    • Reward points: 27620
    • Joined: 2007/04/01 20:55:33
    • Location: College Station, TX
    • Status: offline
    RE: Certificate Expired 2008/12/08 20:45:03 (permalink)
    0
    Yup, 2 weeks ago.  Just replace the cert with a new one and then go into Site Mode and change it there.  The clients will pick it back up.  You will see Policy errors in the Policy log on the clients until there.  It takes the clients about 2 policy cycles to correct.
    #2
    jmiller120
    New Member
    • Total Posts : 14
    • Scores: 0
    • Reward points: 0
    • Joined: 2008/04/15 11:48:18
    • Status: offline
    RE: Certificate Expired 2008/12/08 21:14:27 (permalink)
    0
    I'm using a INF file to generate my csr request - is there a way to define the valid time for it?  i'm a bit rusty.  This may be out of the scope of this forum though...
    Here is the INF file that i use for my CSR:
     
    [NewRequest]
    Subject = "CN=The site code of this site server is 001"
    EncipherOnly = FALSE
    Exportable = TRUE   ; FALSE = Private key is not exportable
    KeyLength = 1024    ; Common key sizes: 512, 1024, 2048,
          ;    4096, 8192, 16384
    KeySpec = 1         ; Key Exchange
    KeyUsage = 0xA0     ; Digital Signature, Key Encipherment
    MachineKeySet = True
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    ProviderType = 12
    RequestType = CMC   ; Omit entire section if CA is Enterprise
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.4.1.311.10.3.12 ; Document Signing
    [RequestAttributes]
    CertificateTemplate = SCCM_Authority
    #3
    mhudson
    Expert Member
    • Total Posts : 794
    • Scores: 33
    • Reward points: 27620
    • Joined: 2007/04/01 20:55:33
    • Location: College Station, TX
    • Status: offline
    RE: Certificate Expired 2008/12/08 21:29:00 (permalink)
    0
    The time needs to be defined in the template not the inf file.
    #4
    jmiller120
    New Member
    • Total Posts : 14
    • Scores: 0
    • Reward points: 0
    • Joined: 2008/04/15 11:48:18
    • Status: offline
    RE: Certificate Expired 2008/12/10 19:29:11 (permalink)
    0
    I am getting the following errrors since i reissued a new certificate and changed it out:
    MP Control Manager detected DMP is not responding to HTTP requests.  The http error is 12152.
     
    MP Control Manager detected management point is not responding to HTTP requests.  The HTTP status code and text is 500, Internal Server Error.
     
    In the ccmexec.log file on a client i'm testing, the log has the following errors:
    The 'Certificate Store' is empty in the registry, using default store name 'MY'. CcmExec 12/10/2008 6:27:47 PM 2960 (0x0B90)
    Raising event:
    instance of CCM_ServiceHost_CertRetrieval_Status
    {
     ClientID = "GUID:1EE9D7AC-D52D-43C9-A6D0-EC1217AF7B05";
     DateTime = "20081211002747.447000+000";
     HRESULT = "0x00000000";
     ProcessID = 3392;
     ThreadID = 2960;
    };
     CcmExec 12/10/2008 6:27:47 PM 2960 (0x0B90)
    Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f78 CcmExec 12/10/2008 6:27:47 PM 2960 (0x0B90)
    [CCMHTTP] HTTP ERROR: URL=http://Kennedy.rowancompanies.com/ccm_system/request, Port=443, Protocol=https, SSLOptions=63, Code=12152, Text=ERROR_WINHTTP_INVALID_SERVER_RESPONSE CcmExec 12/10/2008 6:27:47 PM 2960 (0x0B90)
    Raising event:
    instance of CCM_CcmHttp_Status
    {
     ClientID = "GUID:1EE9D7AC-D52D-43C9-A6D0-EC1217AF7B05";
     DateTime = "20081211002747.494000+000";
     HostName = "Kennedy.rowancompanies.com";
     HRESULT = "0x80072f78";
     ProcessID = 3392;
     StatusCode = 0;
     ThreadID = 2960;
    };
     CcmExec 12/10/2008 6:27:47 PM 2960 (0x0B90)
    #5
    jmiller120
    New Member
    • Total Posts : 14
    • Scores: 0
    • Reward points: 0
    • Joined: 2008/04/15 11:48:18
    • Status: offline
    RE: Certificate Expired 2008/12/10 21:31:43 (permalink)
    0
    I just noticed that the sms agent host service on the SCCM server (all roles are on one server) was set to disabled.  As soon as i kicked it on, it looks like everything started running smoothely again.  After it was enabled, it updated the URL to connect via https, and updated the certificates on the clients. 
    #6
    mhudson
    Expert Member
    • Total Posts : 794
    • Scores: 33
    • Reward points: 27620
    • Joined: 2007/04/01 20:55:33
    • Location: College Station, TX
    • Status: offline
    RE: Certificate Expired 2008/12/11 08:43:32 (permalink)
    0
    I am glad to see you have it working.  I was not so sure what would happen when we went through the process but we did come out unharmed :)
    #7
    Jump to:
    © 2018 APG vNext Commercial Version 5.5