|
Posted by tashi on November 14, 2008, 4:08 am
Please log in for more thread options
Hi all
Since Windows 2003 Standard CA does not support the creation of
Certificate Templates. I would like to ask if its possible to change the
validity time from the issued certificates?
I found a description through the registry, but this does not work for
me: http://support.microsoft.com/?scid=kb%3Ben-us%3B254632&x=7&y=16
Regards
Tashi
|
|
Posted by Paul Adare on November 14, 2008, 4:27 am
Please log in for more thread options
On Fri, 14 Nov 2008 10:08:30 +0100, tashi wrote:
show/hide quoted text
> Hi all
>
> Since Windows 2003 Standard CA does not support the creation of
> Certificate Templates. I would like to ask if its possible to change the
> validity time from the issued certificates?
>
> I found a description through the registry, but this does not work for
> me: http://support.microsoft.com/?scid=kb%3Ben-us%3B254632&x=7&y=16
>
The validity of a certificate will be the lowest of the following values:
1. The lifetime remaining for the issuing CA's certificate.
2. The value in the certificate template (not applicable in your case).
3. The registry entries described in the KB article you posted.
Either the lifetime remaining in the issuing CA's certificate is less than
the desired lifetime for certificates you want to issue or you've made a
mistake with the registry entries.
On your CA, run the following two commands and then post the output:
certutil -getreg ca\validityperiod
certutil -getreg ca\validityperiodunits
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
|
|
Posted by tashi on November 14, 2008, 5:53 am
Please log in for more thread options Paul Adare schrieb:
show/hide quoted text
> The validity of a certificate will be the lowest of the following values:
>
> 1. The lifetime remaining for the issuing CA's certificate.
> 2. The value in the certificate template (not applicable in your case).
> 3. The registry entries described in the KB article you posted.
>
> Either the lifetime remaining in the issuing CA's certificate is less than
> the desired lifetime for certificates you want to issue or you've made a
> mistake with the registry entries.
>
> On your CA, run the following two commands and then post the output:
>
> certutil -getreg ca\validityperiod
> certutil -getreg ca\validityperiodunits
Hi Paul
Here is the Output from the certutil:
----------
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CIRRUSCA\ValidityPeriod:
ValidityPeriod REG_SZ = Years
CertUtil: -getreg command completed successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CIRRUSCA\ValidityPeriodUnits:
ValidityPeriodUnits REG_DWORD = 4
CertUtil: -getreg command completed successfully.
----------
The CA Certificate is valid for 10 Years. I upload a screenshot from the
CA Certificate.
http://img357.imageshack.us/my.php?image=screenhunter29rp3.jpg
When I submit a certificate request I get certificates with only 2 years
validity.
http://img375.imageshack.us/my.php?image=screenhunter30sn0.jpg
|
|
Posted by Paul Adare on November 14, 2008, 6:06 am
Please log in for more thread options On Fri, 14 Nov 2008 11:53:40 +0100, tashi wrote:
show/hide quoted text
> Hi Paul
>
> Here is the Output from the certutil:
How is the certificate request being generated? On the details tab of an
issued certificate, what if anything is listed in the Certificate Template
Information field?
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
|
|
Posted by tashi on November 14, 2008, 7:45 am
Please log in for more thread options Paul Adare schrieb:
show/hide quoted text
> On Fri, 14 Nov 2008 11:53:40 +0100, tashi wrote:
>
>> Hi Paul
>> Here is the Output from the certutil:
>
> How is the certificate request being generated? On the details tab of an
> issued certificate, what if anything is listed in the Certificate Template
> Information field?
>
The certificate request is generated from a SAP System. The SAP Admin
gave me the request to sign it.
In Details, Certificate Template Name there is the Entry WebServer. This
is the standard Web Server Template. I use the CA Web Service to sumbit
the request.
|
| Similar Threads | Posted | | renew root ca to extend validity period | January 25, 2010, 12:01 pm |
| ca - certificate validity question | November 8, 2008, 5:32 am |
| certificate validity in Certificates MMC snap-in | October 4, 2005, 4:27 pm |
| utility to check certificate validity | October 5, 2005, 8:51 am |
| Certificate template validity extension | September 23, 2009, 6:55 am |
| A Standard windows server 2003 security question | July 27, 2009, 1:06 pm |
| Windows 2003 Standard Edition & Microsoft.XMLHTTP Question | September 30, 2006, 10:25 pm |
| SCEP - Network Device Enrollment Service on Windows 2008 Standard | March 31, 2008, 10:32 am |
| Could not start the Windows Time Error 1300 | June 22, 2005, 10:03 am |
| Windows 2008 Standard : make a group a member of a group not possible ? | September 25, 2009, 10:47 am |
|
>
> Since Windows 2003 Standard CA does not support the creation of
> Certificate Templates. I would like to ask if its possible to change the
> validity time from the issued certificates?
>
> I found a description through the registry, but this does not work for
> me: http://support.microsoft.com/?scid=kb%3Ben-us%3B254632&x=7&y=16
>