How to update Essentials certificates

Essentials 2010 uses a certificate for signing locally published content. The released version of System Center Essentials 2010 is designed to use an updated type of certificate. Use the UpdatePublisherCert.exe tool to replace the existing certificate with a new certificate.

The UpdatePublisherCert.exe tool performs the following tasks:

1. Save the current policy configuration

2. Uninstall the current policy

3. Delete certificates from the certificate store

4. Delete certificates from the system

5. Reconfigure the policy and generate new certificates

6. Resign all locally published software and update packages.

Essentials will automatically push out the new certificates to all the managed computers if Essentials is configured to use domain policy. If you have one or more workgroup joined computers managed by Essentials 2007 or Essentials 2010 it will be necessary to manually update the certificate on workgroup joined computers using the instructions in the Deployment Guide. https://technet.microsoft.com/en-us/library/cc339469.aspx

Who should use this tool:

Use the UpdatePublisher.exe tool if one of the following conditions apply:

· You are currently using System Center Essentials 2007

· You are upgrading from Essentials 2007 to Essentials 2010

· You are installing Essentials 2010 RTM, after installing and uninstalling Essentials 2010 Beta or RC (uninstalling Essentials 2010 Beta or RC does not remove the certificate)

Using UpdatePublisherCert.exe

UpdatePublisherCert.exe is a command-line tool that replaces the certificate used for signing locally published content and resigns all locally published content with the new certificate.

1. Open a Command Prompt window with Administrator rights.

2. Run UpdatePublisherCert.exe (there are no command-line-parameters).

Figure 1. Running UpdatePublisherCert.exe from a command line.