Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I find and renew my CA on my domain?

Posted on 2012-04-12
4
Medium Priority
?
1,680 Views
Last Modified: 2012-05-14
Hi, I while back I installed a RADIUS server (Server 2008 R2) via NPS role for our new wireless authentication process.  During the install process, I added ADCS role as part of the installation.  I vaguely recall that most CA's are good for 1 year or whatever you set them to, I guess.  Also, I vaguely recall that if you don't perform a renew process with the CA before it expires it can become a nightmare.  

Anyways, I am trying to find out how long before the certificate expires.

So, where can I find this information inside the Certicates console?

Or do I look for it inside the ADCS (Certificate Authority console)?


Lastly, what are the steps (process) to perform a certificate renewal for the CA?


Thanks in advance.
0
Comment
Question by:rsnellman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 1400 total points
ID: 37837935
Hi,

If you are looking for a specific cerficate for a website then you can check this from IIS>>Expand the server>>Expand Websites>>Right click and select properties on the website>>Directory Security>>Click on View Certificates from the Secure communication section. Also, you just note down the validity of the sertificate and the certificate name.

You can check all the certificates from Start>>Administrative Tools>>Certification Authority>>Expand CA>>>Select Issued Certificates and check the Certificate Effective date and Certificate Expiration date.

"Good Luck"
0
 

Author Comment

by:rsnellman
ID: 37838000
OK, I see them and they are all set for 1 year.  Will they automatically renew or be reissued a new certificate once the 1 year limit is up?  Or is there something I need to do manually?

Also, what about the root CA?  Doesn't that have a time limit too?  If so, how do I go about renewing/reissuing the root CA?


Thanks again.
0
 
LVL 23

Accepted Solution

by:
Radhakrishnan R earned 1400 total points
ID: 37838066
Hi,

If the certificate is going to expire in a year then you should manually renew this accordingly.

Regarding your query about the root CA is the topmost Certificate Authority (CA) in a Certificate Authority (CA) hierarchy. Each Certificate Authority (CA) hierarchy begins with the Root CA, and multiple CAs branch from this Root CA in a parent-child relationship. All child CAs must be certified by the corresponding parent CA back to the Root CA. The Root CA is kept in a secure area and it is usually a stand-alone offline CA (to make it topmost secure Certificate Authority (CA). The root CA provides certificates for intermediate CAs. The certificates can be revoked if they are compromised.

Use this link to install the Root CA (trusted certificates) http://www.globalsign.com/support/root-certificate/serversign.html
0
 
LVL 41

Assisted Solution

by:footech
footech earned 600 total points
ID: 37846069
The default validity period for a CA certificate is 5 years.  To see when it expires, either examine it directly using the Certificates MMC snap-in (under Trusted Root Certification Authorities), or look at one of the certificates that has been issued by the CA and dig back through the chain to see the details of the root certificate.

To renew it, open the Certification Authority Management Console, right-click on the CA server name > All Tasks > Renew CA Certificate.  You can then deploy the renewed certificate manually or through Group Policy.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question