Maintain control of your Microsoft 365 data
Post Reply
JonJR
Enthusiast
Posts: 39
Liked: 17 times
Joined: Mar 21, 2017 11:25 pm
Full Name: Jon Rhoades
Contact:

Certificate Expired for Modern Auth - how to renew?

Post by JonJR »

Case #04543911

We started using modern Auth a year ago and now the certificate has expired. I don't think I got a message warning me of the expiry - the error message when a job tries to run is:

Code: Select all

AADSTS700027: Client assertion contains an invalid signature. [Reason - The key used is expired., Thumbprint of key used by client: 'A965260A794F....
The docs say (https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=50) to update a cert, right click the org and select "Manage a backup application", this however is not selectable. Selecting "manage backup accounts" just gives a variation of the above error. If I select "Edit Organisation", then I can select and/or install a certificate, but I can't generate one.

I could go into Windows certman and create a certificate and I imagine that would import fine, but I didn't know if this was the right thing to do. I upgraded to v5 to see if it helped, it did not.

Cheers Jon
JonJR
Enthusiast
Posts: 39
Liked: 17 times
Joined: Mar 21, 2017 11:25 pm
Full Name: Jon Rhoades
Contact:

Re: Certificate Expired for Modern Auth - how to renew?

Post by JonJR »

Thanks to Fouad in Support, he quickly saw that I still had "Allow for Legacy Auth protocols" enabled. Disabling this then gave the option to renew the certificate and we are all good.

What I find a bit odd is the last certificate was only valid for a year, I don't recall why this was selected. Whereas the new one is valid for 10 years, which is much better!
Mike Resseler
Product Manager
Posts: 8286
Liked: 1361 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Certificate Expired for Modern Auth - how to renew?

Post by Mike Resseler » 1 person likes this post

Hey Jon,
Happy that Fouad has fixed it for you :-)

Most likely you have created that first certificate (with the legacy auth protocols) before we had full MFA support. In that case, if I am not mistaken, the default is indeed 1 year.

Cheers
Mike
Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests