asked on

Certificate Authority - Extending the Validity Period of a pre-installed CA

I am currently running Windows SBS 2008 (not that I can percieve its that much different from 2003) and the Certificate Authority is already installed on it with the default 5 year validity period.

I would like to extend the validity period for the ROOT CA as high as it will go, but because it is already installed I cannot appear to do this by the wizard, and the certreq utility isn't the most friendly of commands.

How can I extend the validity period of the ROOT CA, and also increase the exipiry periods of all of the certifcates it will issue?

Thanks x

radnbne

I believe you need to revoke and recreate the certificate in order to extend it.

DanMar

Have a look if a renewal in the "Fix my network" wizard works otherwise try editing the capolicy.inf file and adjusting validity periods.

sterlingdev

ASKER

I know I would need to revoke and recreate the root CA, but when you do it just sticks to the same 5 year default. Is there a way of changing it?

DanMar

Hi, the other option I mentioned was "editing the capolicy.inf file and adjusting validity periods" - you may have success with this.

sterlingdev

ASKER

Capolicy.inf does not exist.

ASKER CERTIFIED SOLUTION

DanMar

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

sterlingdev

ASKER

Thank you, yes this seems to work, by creating the CAPolicy.INF file and saving it into the root of the WINDOWS directory with the following contents...

[certsrv_server]
RenewalValidityPeriodUnits=99
RenewalValidityPeriod=years

I have regenerated the CA Root cert and now has an expiry of 2109!

Thanks

McKuser

This didin't work for me. Must I restart any service?