My WSUS self-signed certificate is expiring later this year. In preparation for this I have gone through the procedure again and now have a certificate valid until sometime in 2022.
I have pushed out the new certificate alongside the old one in my Group Policy, and have successfully published and deployed updates using this new certificate.
In a few months, when the old certificate has expired, I expect that if I were to build a new machine from my standard image and attempt to update it, I would have updates fail to install which were signed with the old certificate. If this is indeed the case, what would be the proper method for re-publishing those old but still valid updates when the time comes? Or, is the certificate still considered valid based on it's being valid on the date it was used to sign the update package?
Hey!
If you are using a self-signed certificate the updates will likely fail after the expire date since they won't be time-stamped. From SCUP, you can re-publish updates published with the old cert using the option below:
(http://i.imgur.com/HaBu8DN.jpg)
Quote from: Pepper on August 14, 2017, 10:34:09 AM
My WSUS self-signed certificate is expiring later this year. In preparation for this I have gone through the procedure again and now have a certificate valid until sometime in 2022.
I have pushed out the new certificate alongside the old one in my Group Policy, and have successfully published and deployed updates using this new certificate.
In a few months, when the old certificate has expired, I expect that if I were to build a new machine from my standard image and attempt to update it, I would have updates fail to install which were signed with the old certificate. If this is indeed the case, what would be the proper method for re-publishing those old but still valid updates when the time comes? Or, is the certificate still considered valid based on it's being valid on the date it was used to sign the update package?
OK, just to confirm, here's what I did.
- In SCUP, go to "All Software Updates" and sort by date published.
- Select all non-expired updates with a published date older than when I replaced the certificate.
- Click Publish, tick the box you showed me which I had never noticed was there before, and then just wait a while for it to do the job.
That should take care of it, and after it's done it would be safe to remove the old certificate from my Group Policy, correct?
That's correct. To be safe you will probably want to stop the updates from being deployed in the Update Group, remove the updates from the deployment package, then after re-publishing them and resyncing your SUP, re-download and deploy them in SCCM to ensure you get the newly signed files.
As Admin Justin mentioned here, with R2 WSUS not taking a certification, when using SCUP 2011 so you will have the message ÔÇ£The test connection succeededÔÇØ. Conversely, no login certificate was noticed for the updated server. Without first registration no one is not able to publish content. IÔÇÖm Microsoft certified system engineer as well as essayist at Assignment Writing Help UK (Removed URL) firm and I think that there should be updates available for new signing.
Cute attempt at being a spambot, spambot. 8)
I'm glad I found these recommendations.
Quote from: Justin Chalfant (Patch My PC) on August 14, 2017, 05:17:54 PMHey!
If you are using a self-signed certificate the updates will likely fail after the expire date since they won't be time-stamped. From SCUP, you can re-publish updates published with the old cert using the option below:
(http://i.imgur.com/HaBu8DN.jpg)
Quote from: Pepper on August 14, 2017, 10:34:09 AMMy WSUS self-signed certificate is expiring later this year. In preparation for this I have gone through the procedure again and now have a certificate valid until sometime in 2022.
I have pushed out the new certificate alongside the old one in my Group Policy, and have successfully published and deployed updates using this new certificate.
In a few months, when the old certificate has expired, I expect that if I were to build a new machine from my standard image and attempt to update it, I would have updates fail to install which were signed with the old certificate. If this is indeed the case, what would be the proper method for re-publishing those old but still valid updates when the time comes? Or, is the certificate still considered valid based on it's being valid on the date it was used to sign the update package?
Updating the certificate may cause an error. In this case, you should contact the residency personal statement editor (https://residencypersonalstatements.net/) for professional help. It happens rarely, but this error cannot be corrected by yourself.
Thanks for the recommendation.