This problem can be resolved by first determining what the certificate which has expired or will soon expire is being used for. The diagnostic report provides critical information for discovering what that certificate can be used for.
Items which can help you understand what the certificate is being used for are:
- What Key Usage or Enhanced Key Usage items are defined for this certificate. These fields indicate specific allowed uses for a certificate and are usually a strong indication of what a certificate is being used for.
- What store the certificate is in.
- The issuer of the certificate.
- A subject name or subject alternative name. For example, web sites using certificates for SSL require the subject name to match the site name.
- If issued by an Enterprise Certificate Authority the template used for the certificate issuance will have information in it. Template name can often indicate intended use of the certificate.
- Certificates which were not issued by a certificate authority are called self signed certificates. If the certificate is self signed the field will indicate 'true'.
- Certificate authority certificates are indicated as being so, as are subordinate certificate authority certificates.
- The thumprint and serial number of certificates (items which are always unique for any individual certificate) are shown in order to indicate unique information about that certificate in case the certificate must be searched for in MMC or other method.
Once the type and use of the certificate is determined you will need to replace the certificate, and then configure the application(s) or service(s) which use the certificate to use the new certificate. The application or service configuration will be unique and you will likely need to consult documentation (KB, TechNet or MSDN) documentation or collaborate with another engineer who specializes in that technology to do that final step.