Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Certificate Authority - Extending the Validity Period of a pre-installed CA

Posted on 2010-08-31
8
Medium Priority
?
1,305 Views
Last Modified: 2012-05-10
I am currently running Windows SBS 2008 (not that I can percieve its that much different from 2003) and the Certificate Authority is already installed on it with the default 5 year validity period.

I would like to extend the validity period for the ROOT CA as high as it will go, but because it is already installed I cannot appear to do this by the wizard, and the certreq utility isn't the most friendly of commands.

How can I extend the validity period of the ROOT CA, and also increase the exipiry periods of all of the certifcates it will issue?

Thanks x
0
Comment
Question by:sterlingdev
8 Comments
 
LVL 6

Expert Comment

by:radnbne
ID: 33566544
I believe you need to revoke and recreate the certificate in order to extend it.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33566895
Have a look if a renewal in the "Fix my network" wizard works otherwise try editing the capolicy.inf file and adjusting validity periods.
0
 

Author Comment

by:sterlingdev
ID: 33570686
I know I would need to revoke and recreate the root CA, but when you do it just sticks to the same 5 year default. Is there a way of changing it?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 5

Expert Comment

by:DanMar
ID: 33574703
Hi, the other option I mentioned was "editing the capolicy.inf file and adjusting validity periods" - you may have success with this.
0
 

Author Comment

by:sterlingdev
ID: 33574762
Capolicy.inf does not exist.
0
 
LVL 5

Accepted Solution

by:
DanMar earned 2000 total points
ID: 33576886
0
 

Author Comment

by:sterlingdev
ID: 33577180
Thank you, yes this seems to work, by creating the CAPolicy.INF file and saving it into the root of the WINDOWS directory with the following contents...

[certsrv_server]
RenewalValidityPeriodUnits=99
RenewalValidityPeriod=years

I have regenerated the CA Root cert and now has an expiry of 2109!

Thanks
0
 

Expert Comment

by:McKuser
ID: 33747489
This didin't work for me.  Must I restart any service?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question