The Single Sign-on Service generates event log alerts just prior to and upon signing certificate expiration. Create a new certificate to stop event log alerts. Use CtxCreateSigningCert.exe to create a new certificate. Use the Data Signing Tool, CtxSignData.exe, to sign the data (using keys supplied by the new certificate) in your central store.
You do not need to create a new signing certificate after you first configure the Single Sign-on Service unless one of the following statements is true:
- Your signing certificate is about to expire or has expired
- You believe your signing certificate is compromised
To create a new certificate, you must run CtxCreateSigningCert.exe, available from the %ProgramFiles%\Citrix\MetaFrame Single Sign-on\Service folder. At a command prompt of the computer running the Single Sign-on Service, type CtxCreateSigningCert.exe.
Enter the public key file name, the private key file name, and the time, in months, before the signing certificate expires. The new certificate is created.