WINHTTP_CALLBACK_STATUS_FLAG_CERT_DATE_INVALID is set

[Chris Payne]

In our SCCM environment we use HTTPS only for communication. Two weeks ago I replaced our existing certificate for our IIS server with a new since the existing one was set to expire on 3/2. On Monday clients started getting the following error message when trying to PXE for an image: (See 1st image, I have removed the IP address information).

When I looked at the SMSPXE.LOG I found the following: (See 2nd image)

When I looked at the SMSPXE.LOG I found the following:

I have verified that the HTTPS bindings for the default website is using the correct certificate and that certificate does not expire till 2026. The certificate was replaced before the old one was set to expire. I also did a NETSH HTTP SHOW SSLCERT IPPORT=0.0.0.0:443 and verified that the certificate hash matched the certificate thumbprint of the SSL certificate in the site binding. I have removed the old certificate and restarted the server but clients are still getting that error message and the same WINHTTP_CALLBACK_STATUS error message is still the same. I have spent the last two days reviewing different articles and suggestions regarding this error and I am not sure how to proceed. I would be very grateful for any suggestions.

Thanks!

Edited yesterday at 04:25 PM by Chris Payne
Corrected format

[anyweb]

have you verified that the cert in your dp is updated also ?

 

see step 5 here