Domain Cert Renewal

Hi, Our Domain controller which is running Windows Server 2008, its root cert, is going to expire, I have attached screenshot, we have total of three domain controllers, one of the domain controller is running 2012, don't think it will make any difference.
I have run a power shell command on domain controller to check the thumbprints, and certs expiring in the next 5 days;  

PS cert:\> Get-ChildItem -Recurse | where { $_.notafter -le (get-date).AddDays(5) -AND $_.notafter -gt (get-date)} | sel
ect thumbprint, subject

Thumbprint                                                  Subject
----------                                                  -------
AFFB9C4AE64F095626A0552E5843B950131ACA4F                    CN= Admin, OU=Admin Accounts, OU=AUS-Austral...
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain-CA, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
5E0E1D8587DBB6A2A95333D2E5D46A9889F4284D                    CN=ServerName.Domain.internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal
7600B0FC86FB7352C3616F2D0090E515594D7C96                    CN=Domain, DC=Local, DC=internal

I need a procedure on how I will carry out the renewal for the Certificate, which steps I have to follow, so I wont break anything.
thanks.
Domain.jpg
LVL 8
LeoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
Is the DC mentioned above your Enterprise Certificate Authority?

Reference links:

1. "Overview Renewing a certification authority" https://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx
2. "Renew a root certification authority" https://technet.microsoft.com/en-us/library/cc780374(v=ws.10).aspx

Dan
0
LeoAuthor Commented:
Yes this DC is the Enterprise Certificate Authority
0
LeoAuthor Commented:
When I follow that link it says I don't have the privileges....
I think the right way to generate cert is;
http://blog.schertz.name/2011/08/certificate-requests-in-windows-server-2008/ 
following that link I am able to generate Cert, but its expiring today, on the same date when the old cert is expiring, so for some reason its not able to extend the cert validity past 11/11/2015
0
LeoAuthor Commented:
this one worked for me perfectly....
https://www.youtube.com/watch?v=Q-1Y1ZI9R6k
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LeoAuthor Commented:
Worked perfectly, Root cert is extended for 10 years...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.