How to Re-sign and Deploy Updates After Renewing a Certificate

Overview Information

After renewing your signing certificate, if you are not using a timestamp server, then you must re-sign and then deploy or re-deploy your updates. How you do this depends on the current state of your updates.

Scenario 1: You have updates that were published with an old certificate but have not been deployed.

  1. Re-sign the updates.
  2. Perform a synchronization with WSUS.

Your updates are now ready to be deployed.

Scenario 2: You have updates that were published with an old certificate and they have been deployed.

In this scenario you need to modify each deployment package that contains a re-signed update. You must delete each update that was signed with the old certificate and replace each one with the newly signed updates.

  1. Re-sign the updates.
  2. Perform a synchronization with WSUS.
  3. Delete the updates from the deployment package(s).
    a. Within the Configuration Manager Software Library workspace, expand the Software Updates folder and click on Deployment Packages.
    b. Double-click a deployment package that contains a re-signed update.
      This will open the deployment package.
    c. Within the deployment package, right-click the updates you re-signed and then choose Delete.
    d. At the confirmation prompt, clear the Refresh Distribution Points check box and then click OK.
      If you receive a warning indicating that deployments will fail, click OK.
    e. Repeat Steps b – d for each deployment package that contains a re-signed update.
  4. Download the newly signed updates and add them back to the deployment package(s).
    a. Select the All Software Updates folder.
    b. Right-click an update you just deleted and then choose Download.
      The Download Software Updates Wizard is displayed.
    c. Choose Select a deployment package and then specify the deployment package you deleted the update from in Step 3.
    d. Complete the download by clicking Summary and then Next.
    e. Repeat Steps b – d for each update that you deleted.

Tip: If the updates belong to a software update group you can download the group instead of the individual updates.
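
A check that can be run before step 1 of either scenario to list which published packages still carry the old certificate and lack a timestamp, and again afterwards to confirm nothing was missed. This is an added example, not part of the original procedure or the product. The share path, both thumbprint values and the assumption that published packages are stored as .cab files under that path are placeholders to adjust for your environment.

```powershell
# Added example: inventory published update packages by signing certificate.
# Assumptions (not from the original page): the content path and both
# thumbprints are placeholders; packages are assumed to be .cab files.
param(
    [string]$ContentPath   = '\\WSUS-SERVER\UpdateServicesPackages',  # hypothetical share
    [string]$OldThumbprint = '<OLD-CERT-THUMBPRINT>',
    [string]$NewThumbprint = '<NEW-CERT-THUMBPRINT>'
)

# Classify one Authenticode signature relative to the old and new certificates.
function Get-SigningState {
    param($Signature, [string]$Old, [string]$New)
    $signer = $Signature.SignerCertificate
    if (-not $signer) { return 'Unsigned' }
    if ($signer.Thumbprint -eq $New) { return 'SignedWithNewCert' }
    if ($signer.Thumbprint -eq $Old) {
        # A countersignature from a timestamp server shows up here.
        if ($Signature.TimeStamperCertificate) { return 'OldCertTimestamped' }
        return 'OldCertNeedsResign'
    }
    return 'OtherSigner'
}

$report = Get-ChildItem -Path $ContentPath -Recurse -Filter *.cab -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            State      = Get-SigningState -Signature $sig -Old $OldThumbprint -New $NewThumbprint
            Status     = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            SignerEnds = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter }
            File       = $_.FullName
        }
    }

# Summary by state, then the packages that need to go through re-signing.
$report | Group-Object State | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object State -eq 'OldCertNeedsResign' |
    Sort-Object SignerEnds |
    Format-Table SignerEnds, Status, File -AutoSize

# Packages in any unexpected state deserve a manual look before deployment.
$report | Where-Object { $_.State -in 'Unsigned', 'OtherSigner' -or $_.Status -eq 'HashMismatch' } |
    Format-Table State, Status, File -AutoSize
```

After re-signing and synchronizing, an empty OldCertNeedsResign list indicates every package under the path has been picked up.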