Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

renew trusted root certification authorities for domain controller

Posted on 2013-11-22
4
2,926 Views
Last Modified: 2013-11-25
Hello,
I noticed today that our Trusted root certificate on the domain controller expired. My users get an error when trying to connect to our wireless network (Aruba), I called Aruba support they could not find an issue. the error users get is Cannot authenticate because the certificate cannot be found on this computer, I am assuming the the expired certificate is the issue, I could not find a way to renew the certificate for renew trusted root certification authorities.
Is the error my users get related to the expired certificate, if yes how can I renew the certificate?
Thank you
0
Comment
Question by:rfinaly
4 Comments
 

Expert Comment

by:dlbrody69
ID: 39670798
yes it is most likely a cert issue. Can you attach it here so we can look at it and its chain?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39671165
Your comment
"I noticed today that our Trusted root certificate on the domain controller expired"

Certificate Services enforces a rule that a CA never issues a certificate to be valid beyond the expiration date of its own certificate. Therefore, when a CA's certificate reaches the end of its validity period, all certificates it has issued will also expire.
http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx

In your case root CA certificate has been expired.
if you using windows based CA to issue client certificate, then
You need to renew trusted root certificate 1st on CA server and distribute the same to all clients throug GPO then,
you need to issue or renew client certificates also.

http://technet.microsoft.com/en-us/library/cc780374(v=ws.10).aspx - renew root ca cert
http://technet.microsoft.com/en-us/library/cc776691(v=ws.10).aspx - renew subordinate ca cert
http://technet.microsoft.com/en-us/library/cc772491.aspx - add trusted root certificate to GPO for auto enrollment on clients

Mahesh
1
 
LVL 9

Expert Comment

by:VirastaR
ID: 39671699
0
 

Author Closing Comment

by:rfinaly
ID: 39676412
thank you
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question