Certificate Authority - Extending the Validity Period of a pre-installed CA

I am currently running Windows SBS 2008 (not that I can percieve its that much different from 2003) and the Certificate Authority is already installed on it with the default 5 year validity period.

I would like to extend the validity period for the ROOT CA as high as it will go, but because it is already installed I cannot appear to do this by the wizard, and the certreq utility isn't the most friendly of commands.

How can I extend the validity period of the ROOT CA, and also increase the exipiry periods of all of the certifcates it will issue?

Thanks x
Who is Participating?

Improve company productivity with a Business Account.Sign Up

DanMarConnect With a Mentor Commented:
I believe you need to revoke and recreate the certificate in order to extend it.
Have a look if a renewal in the "Fix my network" wizard works otherwise try editing the capolicy.inf file and adjusting validity periods.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

sterlingdevAuthor Commented:
I know I would need to revoke and recreate the root CA, but when you do it just sticks to the same 5 year default. Is there a way of changing it?
Hi, the other option I mentioned was "editing the capolicy.inf file and adjusting validity periods" - you may have success with this.
sterlingdevAuthor Commented:
Capolicy.inf does not exist.
sterlingdevAuthor Commented:
Thank you, yes this seems to work, by creating the CAPolicy.INF file and saving it into the root of the WINDOWS directory with the following contents...


I have regenerated the CA Root cert and now has an expiry of 2109!

This didin't work for me.  Must I restart any service?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.