CMG Certificates

Duchemin, Dominique 2,006 Reputation points
2023-06-30T18:50:23.9033333+00:00

Hello,

I have the certificates expired in Test and Production:

VITSCCMCB
The Service certificate was invalid for cloud service CMGO365QA. Please check CloudMgr.log for further details.
ERROR: Management certificate for service CMGO365QA is in expired state. Expiry date-time(UTC):11/13/2022 09:19:43 SMS_CLOUD_SERVICES_MANAGER 6/30/2023 10:42:06 AM 9020 (0x233C)
ERROR: Service Certificate is expired for Service CMGO365QA. SMS_CLOUD_SERVICES_MANAGER 6/30/2023 10:42:06 AM 9020 (0x233C)

VRPSCCMPR01
The Service certificate was invalid for cloud service CMGO365PROD. Please check CloudMgr.log for further details.
ERROR: Management certificate for service CMGO365PROD is in expired state. Expiry date-time(UTC):06/11/2023 13:55:47 SMS_CLOUD_SERVICES_MANAGER 6/30/2023 10:52:04 AM 8824 (0x2278)
ERROR: Service Certificate is expired for Service CMGO365PROD. SMS_CLOUD_SERVICES_MANAGER 6/30/2023 10:52:04 AM 8824 (0x2278)

But apparently no complain from anybody… what should be the behavior when the certificate is expired?

Should something stop working?


Also I noticed in Test I have 1 certificate
CN = CMGO365QA.Cloudapp.net

but in Production I have two:
CN = CMGO365PROD.Cloudapp.net
and
CN = cmgo365prod.westus.cloudapp.azure.com

Why this difference?

Thanks,
Dom

Microsoft Configuration Manager
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AllenLiu-MSFT 47,626 Reputation points Microsoft Vendor
    2023-07-03T02:20:35.53+00:00

    Hi, @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    It is expected that services will continue to run after certificate expiration, but it is not recommended to let certificates expire. While it is possible to continue running services, expired certificates can lead to security issues and other potential problems.

    Regarding the difference in the number of certificates between Test and Production environments, this may be due to different certificate requirements for the two environments. Typically, a production environment may require additional certificates for redundancy or security reasons.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.