Pages

Thursday, September 13, 2018

Attempting to request a certificate for Skype for Business Server 2015 from an internal Microsoft Enterprise CA throws the error: "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED)”

Problem

You’re attempting to renew the Skype for Business Server 2015 front-end server with an internal Microsoft Enterprise Certificate Authority but receive the following error:

> Request CertificateRequest-CSCertificate -New -Type Default,WebServicesInternal -CA "DC1.corp.contoso.bm\Contoso CA" -Country "BM" -State "Hamilton" -City "Hamilton" -FriendlyName "Skype for Business Server 2015 Default certificate 9/12/2018" -KeySize 2048 -PrivateKeyExportable $False -Organization "Contoso" -OU "IT" -AllSipDomain -Verbose -Report "C:\Users\administrator\AppData\Local\Temp\Request-CSCertificate-[2018_09_12][13_59_43].html"Creating new log file "C:\Users\ccs.contosoCORP\AppData\Local\Temp\Request-CSCertificate-[2018_09_12][13_59_43].xml".Create a certificate request based on Skype for Business Server configuration for this computer.Creating new log file "C:\Users\ccs.contosoCORP\AppData\Local\Temp\Request-CSCertificate-[2018_09_12][13_59_43].html". WARNING: Request-CSCertificate failed. WARNING: Detailed results can be found at "C:\Users\ccs.contosoCORP\AppData\Local\Temp\Request-CSCertificate-[2018_09_12][13_59_43].html".Command execution failed: Error Parsing Request A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495 CERT_E_EXPIRED)

image

Solution

One of the reasons why this error would be thrown if you are using an internal Microsoft Enterprise CA is if the issuing Root CA’s certificate has expired. If you are able to confirm that this is the cause then simply log onto the Root CA’s Certificate Authority administration console and renew the certificate then request a new certificate:

image

No comments: