Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

How to regenerate a Patch Manager publishing certificate after applying Microsoft KB2734608

Updated January 24, 2018


This article addresses the following Microsoft KB article related to WSUS:

An update for Windows Server Update Services 3.0 Service Pack 2 is available (KB2734608) (© 2017 Microsoft, available at, obtained on May 11, 2017.)


All Patch Manager Versions


Microsoft released KB2734608 to prepare WSUS for an upcoming Microsoft update that blocks all RSA-based certificates with a key length of 1024 bits or less. After you apply this update, your WSUS server generates 2048-bit publishing certificates instead of the non-secure 512-bit certificates. This update can impact your current Patch Manager deployment. 


After you apply the KB2734608 update, SolarWinds recommends that you regenerate all WSUS publishing certificates to ensure a seamless transition in your deployment.

Due to the relationship these certificates have with your previously-published packages and your client systems, the general procedure for this process is:

  1. Apply Microsoft KB2734608 on your Patch Manager server (Primary Application Server).
  2. Generate the new publishing certificate(s) using the procedure in this article. Do not distribute the existing WSUS signing certificate to your publishing servers. 
  3. Re-provision all systems with the new certificate. This includes the Patch Manager and WSUS servers/consoles and all managed clients.

See Configure the publishing servers in the Patch Manager Administrator Guide for additional details.

Generate a new publishing certificate

Perform the following steps to generate a new publishing certificate for your Patch Manager server, upstream and downstream WSUS servers, and all managed clients in your Patch Manager deployment:

  1. Back up your Patch Manager server
  2. Log in to the Patch Manager Administrator Console as an administrator. 
  3. In the navigation pane, expand Administration and Reporting and select Software Publishing.
  4. In the Actions pane, click Server Publishing Setup Wizard.
  5. Complete the fields in the Provision WSUS Server for Publishing Wizard.
    1. Click the WSUS Server drop-down menu and select your WSUS server.
      Patch Manager populates the remaining fields.
    2. Select Create self-signed certificate, and click Next.
    3. Review the content in the dialog box, and click Yes to continue.
  6. Select the Patch Manager servers, publishing servers, and downstream servers that require the publishing certificate, and then click Next.
  7. Review the summary screen for any errors, and click Finish.
    A dialog box displays, instructing you to configure your managed clients.
  8. In the dialog box, click OK. 
  9. Re-provision all systems with the new certificate. This includes the publishing servers, upstream and downstream WSUS servers, and all managed clients.
Last modified