So my Code Signing certificate was running out, so I renewed it from my Enterprise CA. Put that new certificate in the GPO to deploy that certificate to all servers and clients as a Trusted Publisher. I do not add it to the Root certificates since it is an Enterprise CA signed certificate the Root of the Domain CA is trusted. This works fine. Verified the servers and clients got the certificate. In Shavlik Patch add-in in SCCM Console, opened settings and added the new certificate. Went to my Published Third-Party Updates and "Resigned" all of them. Followed the AutoPublish log file, all resigned successfully.
When I tried running the 3rd Party updates from OSD I error stating "not trusted", those are below.
FATAL: Error: 0x800b0101 when verifying trust for C:\WINDOWS\SoftwareDistribution\Download\f7bf7d67462c3c29b29c2ee8067a74fd_ctc\984ad00b-ba88-44ed-8e7a-809bd38d6a40_1.cab
WARNING: Digital Signatures on file C:\WINDOWS\SoftwareDistribution\Download\f7bf7d67462c3c29b29c2ee8067a74fd_ctc\984ad00b-ba88-44ed-8e7a-809bd38d6a40_1.cab are not trusted: Error 0x800b0101
That was because I forgot to update the package I use to deploy the trusted publisher certificate and registry keys needed to deploy 3rd party updates during OSD. Fixed that package and the errors went away. So now it recognizes the certificate and trusts it.
Now to the current problem, I am getting a download error on any updates that were already deployed before I resigned them. New updates I download for this month are signed, deploying, and installing properly. However, the update I had already deployed are not.
So with that in mind, I figured "Update Distribution Points" on the package containing the 3rd party updates. Still not working. Then went back to Shavlik Third-Party Updates and Republished all the updates I had previously deployed. This was successfully according to the AutoPublish log, but still did not resolve the issue. I then "Update Distribution Points" on the package containing the 3rd party updates, again. Still no luck.
Additional information, in "All Software Updates" I found that the "Date Released or Revised" is not updated. I don't know if it should be or not.
So need some help as to what may be going on. Secondly, even if someone can provide the proper procedure for resigning updates I can see if I was doing it right.