Do I need to Renew my Belgacom E-Trust Primary Certificate or does is it Re-Generates itself on my Windows 2003 Network Servers ?

Posted on 2010-01-04
Last Modified: 2012-05-08
Hi, to it may concern,
I have three Dell Power Edges computers thats running Windows 2003 Server Operating Applications and each computer is using the IEEE 802.1 Eap type Certificate for Authentication use on the Network.
I notice that the Belgacom E-Trust Primary CA certificate is close to Expiring and is only Valid from 11-4-1998 to 1-21-2010

Does Belgacom E-Trust Primary CA Certificate Re-Generate by itself on the Servers or do I need to Re-Generate with a new Valid Date ??   Please let me know ASAP what needs to be done if possible.
Question by:baeind
    LVL 31

    Expert Comment

    If memory serves, Belgacom root will just be expiring.  You will need to replace your existing certificates with one issued from a different root.  They are now issuing their certificates under the GTE Cybertrust root certificate as Certipost, which the GTE root is still valid for a number of years to come and is owned by Verizon Business, who sells subordinate CA certs to larger companies such as this.  

    Their new certificate chain is all valid until the issuing CA's expiration in 2015.  If you wish to maintain presence with that company, Belgacom now sells certs under the Certipost name:
    LVL 31

    Expert Comment

    (you need to do this yourself - the replacement server cert is a purchased product and does not automatically renew, and it does not appear that belgacom is maintaining their root directly anymore, else it would have been updated a couple years ago)

    Author Comment

    Whats the most that can happen if My Belgacom E-Trust Primary CA Expires on my Server Machines ?

    If possible Tell me how to INSTALL and go about Re-Generating a New Belgacom E-Trust Primary CA Certificate on my server machines ?
    LVL 31

    Expert Comment

    Users will start getting popup warnings due to the certificate expiration.  This bothers a lot of people, but they can click "yes" and it would still be secure.  The problem is that certificates are set to expire after a certain period of time for a reason - after they expire they should be considered as potentially compromised - i.e. the user has no assurance that any of the certificates are legit and may choose to not accept the warning as it may be directed to another server responding to that name by a malicious attacker -- this is what they are "supposed" to do.

    If you don't need a cert from the same place, you can get one from godaddy for about US$30 or so and keep your users happy that their data is secure and going to where it is supposed to go to.
    LVL 31

    Accepted Solution

    You cannot make a new Belgacom E-Trust Primary CA Certificate, and nobody else is going to.  This was made by Belgacom company, not you, and was accepted by Microsoft for distribution in all of their applications many years ago.

    You need to find another certificate vendor.  The users generally aren't going to be picky - if they are for some reason then go with Certipost as they are the same company as belgacom, but they aren't making a new one.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    The 6120xp switches seem to have a bug when you create a fiber port channel when you have a UCS fabric interconnects talking to them.  If you follow the Cisco guide for the UCS, the FC Port channel will never come up and it will say that there are n…
    When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now