Solved

Certificate Authority - Extending the Validity Period of a pre-installed CA

Posted on 2010-08-31
8
1,294 Views
Last Modified: 2012-05-10
I am currently running Windows SBS 2008 (not that I can percieve its that much different from 2003) and the Certificate Authority is already installed on it with the default 5 year validity period.

I would like to extend the validity period for the ROOT CA as high as it will go, but because it is already installed I cannot appear to do this by the wizard, and the certreq utility isn't the most friendly of commands.

How can I extend the validity period of the ROOT CA, and also increase the exipiry periods of all of the certifcates it will issue?

Thanks x
0
Comment
Question by:sterlingdev
8 Comments
 
LVL 6

Expert Comment

by:radnbne
ID: 33566544
I believe you need to revoke and recreate the certificate in order to extend it.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33566895
Have a look if a renewal in the "Fix my network" wizard works otherwise try editing the capolicy.inf file and adjusting validity periods.
0
 

Author Comment

by:sterlingdev
ID: 33570686
I know I would need to revoke and recreate the root CA, but when you do it just sticks to the same 5 year default. Is there a way of changing it?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 5

Expert Comment

by:DanMar
ID: 33574703
Hi, the other option I mentioned was "editing the capolicy.inf file and adjusting validity periods" - you may have success with this.
0
 

Author Comment

by:sterlingdev
ID: 33574762
Capolicy.inf does not exist.
0
 
LVL 5

Accepted Solution

by:
DanMar earned 500 total points
ID: 33576886
0
 

Author Comment

by:sterlingdev
ID: 33577180
Thank you, yes this seems to work, by creating the CAPolicy.INF file and saving it into the root of the WINDOWS directory with the following contents...

[certsrv_server]
RenewalValidityPeriodUnits=99
RenewalValidityPeriod=years

I have regenerated the CA Root cert and now has an expiry of 2109!

Thanks
0
 

Expert Comment

by:McKuser
ID: 33747489
This didin't work for me.  Must I restart any service?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question