Synctool or PowerShell error - The certificate is expired

Problem

When you run the Synctool or a custom PowerShell script you see the following error:

The certificate is expired. Please link a new certificate to your app and pass the valid value.

You can also see an error in the Entra ID portal saying the certificate attached to the Zivver App Registration is expired. Go to portal.azure.com > Entra ID > App Registrations > Search for ‘Zivver’.

Cause

You are using a self-signed certificate for App-only authentication in Exchange Online. The self-signed certificate has an expiration date with a default of 1 year.

Solution

When the self-signed certificate is expired, you need to create a new self-signed certificate and upload it to the Zivver App Registration in Entra ID and the Zivver Synctool.

Temporary ‘Log on locally permissions’
There are multiple ways to install a certificate in the personal certificate store of a service account. This video utilizes the Security Policy ‘Log on locally’ to temporarily allow the service account to run the certificate snap-in for installation of the new self-signed certificate.

Make sure to remove the service account from the Security Policy ‘Log on locally’ as you do not want to give service accounts permission to log on locally on a Windows Server.

Please watch the video directly on YouTube if the video isn’t loading on this page.

Video Timestamps

References