How to Re-sign and Deploy Updates After Renewing a Certificate

Show Me!

A video tutorial is available on this topic. To access the video, click the following link:

Watch a related video (9:32)

Overview Information

After renewing your signing certificate, if you are not using a timestamp server, then you must re-sign and then deploy or re-deploy your updates. How you do this depends on the current state of your updates.

Scenario 1: You have updates that were published with an old certificate but have not been deployed.

1.Re-sign the updates.

2.Perform a synchronization with WSUS.

Your updates are now ready to be deployed.

Scenario 2: You have updates that were published with an old certificate and they have been deployed.

In this scenario you need to modify each deployment package that contains a re-signed update. You must delete each update that was signed with the old certificate and replace each one with the newly signed updates.

1.Re-sign the updates.

2.Perform a synchronization with WSUS.

3.Delete the updates from the deployment package(s).

a. Within the Configuration Manager Software Library workspace, expand the Software Updates folder and click on Deployment Packages.

b. Double-click a deployment package that contains a re-signed update.

This will open the deployment package.

c. Within the deployment package, right-click the updates you re-signed and then choose Delete.

d. At the confirmation prompt, clear the Refresh Distribution Points check box and then click OK.

If you receive a warning indicating that deployments will fail, click OK.

e. Repeat Steps b – d for each deployment package that contains a re-signed update.

4.Download the newly signed updates and add them back to the deployment package(s).

a. Select the All Software Updates folder.

b. Right-click an update you just deleted and then choose Download.

The Download Software Updates Wizard is displayed.

c. Choose Select a deployment package and then specify the deployment package you deleted the update from in Step 3.

d. Complete the download by clicking Summary and then Next.

e. Repeat Steps b – d for each update that you deleted.

Tip: If the updates belong to a software update group you can download the group instead of the individual updates.