How to Re-sign and Deploy Updates After Renewing a Certificate
Show Me!
A video tutorial is available on this topic. To access the video, click the following link:
Overview Information
After renewing your signing certificate, if you are not using a timestamp server, then you must re-sign and then deploy or re-deploy your updates. How you do this depends on the current state of your updates.
Scenario 1: You have updates that were published with an old certificate but have not been deployed.
1.Re-sign the updates.
2.Perform a synchronization with WSUS.
Your updates are now ready to be deployed.
Scenario 2: You have updates that were published with an old certificate and they have been deployed.
In this scenario you need to modify each deployment package that contains a re-signed update. You must delete each update that was signed with the old certificate and replace each one with the newly signed updates.
1.Re-sign the updates.
2.Perform a synchronization with WSUS.
3.Delete the updates from the deployment package(s).
a. Within the Configuration Manager Software Library workspace, expand the Software Updates folder and click on Deployment Packages.
b. Double-click a deployment package that contains a re-signed update.
This will open the deployment package.
c. Within the deployment package, right-click the updates you re-signed and then choose Delete.
d. At the confirmation prompt, clear the Refresh Distribution Points check box and then click OK.
If you receive a warning indicating that deployments will fail, click OK.
e. Repeat Steps b – d for each deployment package that contains a re-signed update.
4.Download the newly signed updates and add them back to the deployment package(s).
a. Select the All Software Updates folder.
b. Right-click an update you just deleted and then choose Download.
The Download Software Updates Wizard is displayed.
c. Choose Select a deployment package and then specify the deployment package you deleted the update from in Step 3.
d. Complete the download by clicking Summary and then Next.
e. Repeat Steps b – d for each update that you deleted.
Tip: If the updates belong to a software update group you can download the group instead of the individual updates.