
renew CA certificate

microsoft.public.windows.server.security
Posted by Carma Trepp on September 19, 2005, 3:27 pm
Hi all

When I renew the CA certificate, I can't specify the period of validity.
How can I do that?

Thanks.


Posted by Brian Komar [MVP] on September 19, 2005, 9:24 am
only_n_groups_account_but_works@yahoo.de says...
> Hi all
>
> When I renew the CA certificate, I can't specify the period of validity.
> How can I do that?
>
> Thanks.
>
It depends on whether the CA is a root CA or a subordinate CA.
If it is a root CA:

1) Create or edit %windir%\capolicy.inf
2) Add the following content, for example, to renew with a 10 year
validity period and a 2k key

[Version]
Signature="$Windows NT$"

[certsrv_server]
renewalkeylength=2048
RenewalValidityPeriodUnits=10
RenewalValidityPeriod=years

** There are many other entries that are required for a nt to you I am
just focusing on the lines pertinent to your question

3) Renew the certificate

If it is a subordinate CA certificate, then you must configure the
parent CA to define the subordinate CA's validity period. Note that you
can only issue a certificate with a validity period less than the
remaining validity period of the parent CA. To set the validity period
for a subordinate CA, add the following lines to a batch file and run.
This example sets the lifetime to 5 years.


::Set Validity Period for Issued Certificates
certutil -setreg CA\ValidityPeriodUnits 5
certutil -setreg CA\ValidityPeriod "Years"

HTH,
Brian
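
A pre-flight check for the two cases in the answer above, as an added example that is not part of the original thread: lint_capolicy checks the [certsrv_server] renewal lines before a root CA renewal, and exceeds_parent tests a subordinate lifetime against the parent CA's expiry. The function names, the accepted unit list, the 365-day year and the 2048-bit minimum are assumptions of this example.

```python
import configparser
from datetime import datetime, timedelta

# Assumed unit names and approximate lengths in days (365-day year, 30-day month).
UNIT_DAYS = {"days": 1, "weeks": 7, "months": 30, "years": 365}
MIN_KEY_BITS = 2048  # assumed local policy floor, matching the "2k key" above

# Constructed sample: the capolicy.inf lines quoted in the answer.
SAMPLE_INF = '''[Version]
Signature="$Windows NT$"

[certsrv_server]
renewalkeylength=2048
RenewalValidityPeriodUnits=10
RenewalValidityPeriod=years
'''

def lint_capolicy(inf_text):
    """Return a list of problems in the renewal settings (empty list = OK)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(inf_text)
    # INF section names are case-insensitive; option names are already lowercased.
    sections = {name.lower(): cp[name] for name in cp.sections()}
    version = sections.get("version", {})
    server = sections.get("certsrv_server", {})
    problems = []
    if (version.get("signature") or "").strip('"') != "$Windows NT$":
        problems.append('[Version] Signature must be "$Windows NT$"')
    units = (server.get("renewalvalidityperiodunits") or "").strip()
    if not units.isdecimal() or int(units) < 1:
        problems.append("RenewalValidityPeriodUnits must be a positive integer")
    period = (server.get("renewalvalidityperiod") or "").strip().lower()
    if period not in UNIT_DAYS:
        problems.append("RenewalValidityPeriod must be one of: " + ", ".join(UNIT_DAYS))
    keylen = (server.get("renewalkeylength") or "").strip()
    if not keylen.isdecimal() or int(keylen) < MIN_KEY_BITS:
        problems.append("renewalkeylength is missing or below %d bits" % MIN_KEY_BITS)
    return problems

def exceeds_parent(units, period, parent_not_after, now):
    """True if a subordinate lifetime would reach or pass the parent CA's expiry."""
    requested = timedelta(days=units * UNIT_DAYS[period.lower()])
    return now + requested >= parent_not_after

if __name__ == "__main__":
    print(lint_capolicy(SAMPLE_INF))
    # Constructed dates: parent CA expiring 2009-01-01, checked on 2005-09-19.
    print(exceeds_parent(5, "Years", datetime(2009, 1, 1), datetime(2005, 9, 19)))
```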


Posted by Carma Trepp on September 20, 2005, 10:11 am
Brian Komar [MVP] wrote:
> It depends on whether the CA is a root CA or a subordinate CA.
> If it is a root CA.
>
> 1) Create or edit %windir%\capolicy.inf
> 2) Add the following content, for example, to renew with a 10 year
> validity period and a 2k key
>
> [Version]
> Signature="$Windows NT$"
>
> [certsrv_server]
> renewalkeylength=2048
> RenewalValidityPeriodUnits=10
> RenewalValidityPeriod=years
>
> HTH,
> Brian

Hey, thank you, works great!

Greetings
Carma

