Posted by Wayne Anderson on February 7, 2007, 1:19 am
There are a few resources you may want to look at for your situation:
Some scripts to automate configurations on your PKI server setup, including
validity length.
http://technet2.microsoft.com/WindowsServer/en/library/091cda67-79ec-481d-8a96-03e0be7374ed1033.mspx?mfr=true
Also, from the documentation at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx:
1. If required, specify a new key size in CAPolicy.inf.
2. Renew the CA certificate. (See the procedure in the product documentation.)
3. Publish the new CA certificate to:
• The Active Directory Trusted Certification Authorities store
• The Web server AIA publishing point
• The Trusted Root Certification Authorities local store on each of the
Intermediate CAs
See Publishing the Offline Root CA.
4. Issue a new CRL from the root CA and publish it to the Web server CDP
publishing point.
5. If you have not updated your intermediate CAs to Windows Server 2003
Service Pack 1, you need to publish the root CA CRLs to the local certificate
store of the intermediate CA(s). See Publishing CRLs of the Root CA to the
Offline Intermediate CAs.
Using the two, essentially configure the length, and then go through the
renewal process.
--
Wayne Anderson
http://blog.avanadeadvisor.com/blogs/waynea/
"Brian Komar" wrote:
> boon@noemail.noemail says...
> > Hi,
> >
> > I want to shorten the period. Every time I renewed, it increased the period.
> >
> > Regards
> >
> > > boon@noemail.noemail says...
> > >> Hi,
> > >>
> > >> During installation for our Windows 2003 Server's certificate authority, we
> > >> have generated the root certificate's valid period till 2086. Is there any way
> > >> we can reduce the period or re-issue the root certificate to a shorter period?
> > >>
> > >> Thanks in advance.
> > >>
> > >>
> > >>
> > > You can renew the certificate, designating the new
> > > validity period and key length (if required) in the
> > > capolicy.inf file.
> > > See the Best Practices whitepaper for details at
> > > www.microsoft.com/pki
> > >
> > > Brian
> >
> >
> >
> Did you read the whitepaper?
> The details for a root CA are in the best practices
> Brian
>
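
An added example, not part of the original posts or of the Microsoft documentation they cite: a minimal CAPolicy.inf for the renewal discussed in this thread, setting a shorter validity period for the renewed root CA certificate. The 10-year period and 2048-bit key length are illustrative values chosen here; the file goes in %SystemRoot% on the root CA before the renewal is started.

```ini
; %SystemRoot%\CAPolicy.inf on the root CA (read when the CA certificate is renewed)
[Version]
Signature="$Windows NT$"

[certsrv_server]
; Step 1 of the procedure: key size for the renewed CA certificate.
; Used only when renewing with a new key pair (illustrative value).
RenewalKeyLength=2048
; Validity of the renewed root certificate: 10 years here (illustrative value).
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
```

After renewing, check the validity dates on the new CA certificate before publishing it to the locations listed in step 3.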