Expired Digital Certificate - Microsoft Code Signing PCA


  • I am having problems getting my SCCM console to start quickly. The problem is related to my third party certificate program timing out when SCCM console loads. It turns out that most of the dll files within the console have an expired digital certificate, named Microsoft Code Signing PCA. To view these expired certificates, right click one of the dll files with the console installation select the digtal signatures tab, select the Microsoft signature, click details, and then view the certificate.  Almost all the certificates have expired on these dll files most have an expiration date of 2/22/09. I have checked my test lab and multiple versions SP1 R2 of SCCM they are all showing this expired certificate.

    I have two questions. First, why did Microsoft have expired certificates on the dll files soon? Second, how can I update these certificates on the dll files so they are not expired?


    יום שישי 27 מרץ 2009 19:19


כל התגובות

  • These certificates are used only for signing the binary  so the expiration date is not really used (the binary could be used for 10 years or more without changes).    Is there a way for your third party tool to ignore this warning?
    יום שלישי 14 אפריל 2009 17:16
    מנחה דיון
  • Unfortunelately no.  The third party app identifies the digital certificate request and starts communicating with our CA server, which of course times out as there is no certificate on the server.    This is affecting both SCCM console and WSUS consoles. So far, the only resolution is to disable the third party app while SCCM console is starting, then restarting the service after the console is loaded. I think the problem is with the third party certificate program,  and how it deals with expired certificates.
    יום שלישי 05 מאי 2009 17:55
  • If this was true in 2009 it is no longer true in 2018.

    I had an issue with PowerShell where an expired code signing certificate would not validate and PowerShell declined to load the code without user intervention. Details on this thread.

    יום שלישי 29 מאי 2018 23:55
  • Hi I can confirm the issue is still present on lot of dlls within Outlook 2016 C:\Program Files (x86)\Microsoft Office\Office16\ADDINS\ folder as well, it would be helpful have an update which delivers all these dlls correctly signed with a validity more reasonable as instead of just 1 year.


    • נערך על-ידי Matteo S יום חמישי 20 ספטמבר 2018 12:57
    יום חמישי 20 ספטמבר 2018 12:56