Solved

Certificate Authority - Extending the Validity Period of a pre-installed CA

Posted on 2010-08-31
8
1,282 Views
Last Modified: 2012-05-10
I am currently running Windows SBS 2008 (not that I can percieve its that much different from 2003) and the Certificate Authority is already installed on it with the default 5 year validity period.

I would like to extend the validity period for the ROOT CA as high as it will go, but because it is already installed I cannot appear to do this by the wizard, and the certreq utility isn't the most friendly of commands.

How can I extend the validity period of the ROOT CA, and also increase the exipiry periods of all of the certifcates it will issue?

Thanks x
0
Comment
Question by:sterlingdev
8 Comments
 
LVL 6

Expert Comment

by:radnbne
ID: 33566544
I believe you need to revoke and recreate the certificate in order to extend it.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33566895
Have a look if a renewal in the "Fix my network" wizard works otherwise try editing the capolicy.inf file and adjusting validity periods.
0
 

Author Comment

by:sterlingdev
ID: 33570686
I know I would need to revoke and recreate the root CA, but when you do it just sticks to the same 5 year default. Is there a way of changing it?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 5

Expert Comment

by:DanMar
ID: 33574703
Hi, the other option I mentioned was "editing the capolicy.inf file and adjusting validity periods" - you may have success with this.
0
 

Author Comment

by:sterlingdev
ID: 33574762
Capolicy.inf does not exist.
0
 
LVL 5

Accepted Solution

by:
DanMar earned 500 total points
ID: 33576886
0
 

Author Comment

by:sterlingdev
ID: 33577180
Thank you, yes this seems to work, by creating the CAPolicy.INF file and saving it into the root of the WINDOWS directory with the following contents...

[certsrv_server]
RenewalValidityPeriodUnits=99
RenewalValidityPeriod=years

I have regenerated the CA Root cert and now has an expiry of 2109!

Thanks
0
 

Expert Comment

by:McKuser
ID: 33747489
This didin't work for me.  Must I restart any service?
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question