Root CA Certificate Expired

Posted on 2009-07-13
Medium Priority
Last Modified: 2012-05-07
Have a Root CA Certificate that has expired that is used for our Exchange OWA security.  Is there a way to renew and extend the certificate?  Please include explicit directions, if so.  If not, what is the quickest and simplest way to get another cert. in place and working?  Thanks!
Question by:rstorm1

Expert Comment

ID: 24840617

Author Comment

ID: 24840802
dexIT, If that is the best you can do, please just decline to answer at all next time.  You may be preventing others by answering when they see someone has already commented on this.
This appears to be a self-signed certificate.  Experts, I inherited this situation and don't know a lot about the certificate process.  Therefore, explicit help will be very appreciated.  Is there a way to renew and extend the certificate?
LVL 20

Accepted Solution

MightySW earned 1000 total points
ID: 24840878
These instructions are for a self-signed certificate.  If you have a GoDaddy, VeriSign, or Thawte cert then you will have to go through them to get another cert.

Go to IIS on the Exchange, right-click My Computer, Manage, go to IIS and expand Web Sites and right-click on Default Web Sites, go to server and to the Directory Security tab.

Click on the Server Certificate button, click Next, and choose Renew the current certificate, click Next.

Select send the request immediately to an online CA and click next.  It will show you the server that is the CA in the domain.  Click next.  It will come to a verification/submission screen.  Ensure everything is correct and click next to submit.

Now that you have submitted a renewal request, you have to go to the CA and accept it.  It would be easier if you followed the steps listed here:

Skip down to the section listed: Getting the Pending Request accepted by our Certificate Authority and follow those steps.

HTH and good luck.

LVL 31

Assisted Solution

Paranormastic earned 1000 total points
ID: 24841177
On the root CA... "certutil -renewcert" - this will renew the CA certificate.  You can also do this from within the CA MMC if you want.

This might be a useful reference for the naming system post-renewal.

You will need to deploy the new root cert manually, via GPO, etc.  All certs issued under this root (including subordinate CA servers if present) would have expired at the same time.  You will need to create a new cert request as described above by MightySW.

Remember to copy your new CA cert to the AIA location(s) defined on the Extensions tab of the CA properties within the CA MMC, as well as the new CRL.  Make sure to back up the CA database, the new private key, and a copy of the first CRL to removable media (e.g. floppy or flash drive) and keep that locked up.  You can use the CA MMC - right click CAName - all tasks - backup CA to back up the db and private key.  Also make sure to make a fresh full system backup.
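
An added example (not part of either answer above): a PowerShell inventory to run on the Exchange server or a client after the renewal. It lists every certificate issued by the root CA with its expiry status, so you can confirm the renewed root is in the trusted store and see which issued certificates still need a new request. The CA name `EXAMPLE-ROOT-CA` and the function name are placeholders, and `[pscustomobject]` assumes PowerShell 3.0 or later.

```powershell
# Added example: report certificates issued by a given CA and whether they
# are expired, close to expiry, or still valid.
function Get-CaCertExpiryReport {
    param(
        # Hypothetical placeholder: replace with the common name of your root CA.
        [string]   $CaName   = 'EXAMPLE-ROOT-CA',
        # Certificates with this many days left (or fewer) are flagged.
        [int]      $WarnDays = 30,
        # Trusted roots, intermediate CAs, and the server's own certificates.
        [string[]] $Stores   = @('Cert:\LocalMachine\Root',
                                 'Cert:\LocalMachine\CA',
                                 'Cert:\LocalMachine\My')
    )

    $now = Get-Date
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store |
            # A self-signed root names itself as issuer, so this filter
            # returns the root certificate(s) as well as everything it issued.
            Where-Object { $_.Issuer -like "*CN=$CaName*" } |
            ForEach-Object {
                $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                if     ($daysLeft -lt 0)         { $status = 'Expired' }
                elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
                else                             { $status = 'OK' }

                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    NotAfter   = $_.NotAfter
                    DaysLeft   = $daysLeft
                    Status     = $status
                    # After a renewal the old and new root share a subject;
                    # the thumbprint tells them apart.
                    Thumbprint = $_.Thumbprint
                }
            }
    }
}

# Oldest expiry first, so anything still expired is at the top.
Get-CaCertExpiryReport | Sort-Object NotAfter |
    Format-Table Store, Subject, SelfSigned, NotAfter, Status, Thumbprint -AutoSize
```

A row with `Status` of `Expired` in `Cert:\LocalMachine\My` after the root has been renewed is a certificate that still needs the new request described in the accepted answer.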

Author Closing Comment

ID: 31602860
Thanks, guys, you're the greatest!
