Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

MS Certificate Authority expiring

I have a CA that is expiring in 1 year.  I wish to create user certificates for 30 years, but MS support says that they cannot be created for a period longer than the CA expiration.  I do not want to re-create my certificate authority to do this, since i have a lot of user certs already out there.  I found the registry entries ValidityPeriod & ValidityUnits, and changed them to reflect the 30 years I need, but since they exceed the CA that is installed I would have to re-issue that new CA to get those registry changes.

How do i do this?

--dan
0
teknorapex
Asked:
teknorapex
1 Solution
 
SunBowCommented:
You have to use/change it at the root authority level. You cannot simply change a reg entry to make certificates work on the net.

You can get a new certificate with the same name, at least my company did. Dunno why. (politics?).  Maybe take a look at MS alternative like Thawte or <ugh> verisign. Maybe Western Union.
0
 
pcssecureCommented:
You can renew the CA before it expires.  This way, the CA will last longer than its original expiry date.  
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now