I have a CA that is expiring in 1 year. I wish to create user certificates for 30 years, but MS support says that they cannot be created for a period longer than the CA expiration. I do not want to re-create my certificate authority to do this, since i have a lot of user certs already out there. I found the registry entries ValidityPeriod & ValidityUnits, and changed them to reflect the 30 years I need, but since they exceed the CA that is installed I would have to re-issue that new CA to get those registry changes.
How do i do this?