we have an ActiveDirectory and a Microsoft CA here.
The certificate of that CA will expire in August, 2015.
Because we don`t want (client-)certificates with retention periods < 1 year, we have to rene the CA-certificate next month.
So as I saw, there is the possibility to create a new pair of keys or to use the existings one.
My currently issued certificates must be valid after renewal. Does this mean, that I have to keep the existing pair of keys?
Will renewing with the existing pair affect any already issued certificates, or will they work on until their end date?
And I have one problem:
When right-clicking the root-CA I see 2 root certifactes, that are valid at the Moment (Nr.2, Nr.3).
Thre are 2 old certificates (Nr.0, Nr.1) that are expired.
Is this nomal?
Why are there 2 certificates?
Do I have to renew both certificates?
I hope that renewing process will be straight forward.
Thanks in advance for your answers.