• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 965
  • Last Modified:

Certificate auto renewal, does it use the same key? signed word documents have expired

We have auto enrolment enabled via GPO, as per this MS article http://technet.microsoft.com/en-us/library/cc731522.aspx

I can see a users certificate has recently been renewed, however all word documents signed with the old certificate have now expired!

does autoenrolment use a new key and not the same key? can anything be configured to make sure all old signed documents dont become expired?

Thanks
0
awilderbeast
Asked:
awilderbeast
  • 2
  • 2
  • 2
4 Solutions
 
Ahmed786Commented:
ITs not possible, you have to renew at certain period of time, the option you can get is either to use same pair of keys or new keys, its on you, but yes you have to renew before its expiring date is approaching.

Please go through below Microsoft article on this with proper explanation.

http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx

Hope this may help you.
0
 
Dave HoweCommented:
Renewing the key won't automagically make the signatures valid again - however, that is purely based on the current date, so there is nothing you can do (short of setting the host to ignore expired certs - really bad idea) to make the existing documents valid again.

All I can really suggest is issuing keys with a really long term (say, 25 years) - as you are issuing them yourself, that isn't going to cost you anything more, and then you have deferred having to worry about the problem for the next couple of decades :)
0
 
awilderbeastAuthor Commented:
So even if the user renewed their cert before it expired all the old signed documents will have expired signatures?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Ahmed786Commented:
Yes you are right, old documents will be marked as Expired Signatures as per my knowledge because that documents were already created some time ago and then it is expired.
0
 
Dave HoweCommented:
yes. the *certificate* is attached to the document as part of the signature, and cannot be separated - even if you have more certificates with the same key, the check on the document will still be on the old certificate.
0
 
awilderbeastAuthor Commented:
THanks GUys
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now