tfinding
asked on
Certificate Authority chain has expired (Event ID 58) - W2008 R2
I have a W2008 R2 member (and Exchange) server acting as a Certification Authority.
It currently has the following error;
Event ID : 58
Source : CertificationAuthority
A certificate in the chain for CA certificate 0 for %Server-Name%-CA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
Right clicking the CA and Properties > General, we have;
- CA Certificates > Certificate #0 (expired)
Is it simply a case of;
- opening Certification Authority,
- right clicking the CA in the left pane and
- "All Tasks" > "Renew CA Certificate" ?
Any help would be appreciated.
We have many error messages as listed in this related question;
https://www.experts-exchange.com/questions/28918055/Automatic-certificate-enrollment-for-local-system-failed-0x800b0101.html
Thanks in advance
It currently has the following error;
Event ID : 58
Source : CertificationAuthority
A certificate in the chain for CA certificate 0 for %Server-Name%-CA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).
Right clicking the CA and Properties > General, we have;
- CA Certificates > Certificate #0 (expired)
Is it simply a case of;
- opening Certification Authority,
- right clicking the CA in the left pane and
- "All Tasks" > "Renew CA Certificate" ?
Any help would be appreciated.
We have many error messages as listed in this related question;
https://www.experts-exchange.com/questions/28918055/Automatic-certificate-enrollment-for-local-system-failed-0x800b0101.html
Thanks in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for confirming things Peter - I've pushed that through (and generated a new signing key along the way).
My only issue now is that 2 certificates (DirectoryEmailReplication & DomainControllerAuthicatio n) on the Domain Controller have expired & I don't seem to be able to renew or request a new one.
I have the attached error message. Any ideas ?
Thanks again
renew.JPG
My only issue now is that 2 certificates (DirectoryEmailReplication
I have the attached error message. Any ideas ?
Thanks again
renew.JPG
ASKER
The creation of the new CA Certificate has resolved the issues I was having with the Domain Controllers.
I didn't have to do anything on these, other than wait for the autoenroll process.
Now I have;
- Certificate enrollment for Local system is successfully authenticated by policy server
- Certificate enrollment for Local system successfully received a DirectoryEmailReplication certificate with request ID xx from certification authority
- Certificate enrollment for Local system successfully received a DomainControllerAuthentica tion certificate with request ID xx from certification authority
Two new Certificates now present themselves on the DCs.
Thanks again for your time in confirming things here.
I didn't have to do anything on these, other than wait for the autoenroll process.
Now I have;
- Certificate enrollment for Local system is successfully authenticated by policy server
- Certificate enrollment for Local system successfully received a DirectoryEmailReplication certificate with request ID xx from certification authority
- Certificate enrollment for Local system successfully received a DomainControllerAuthentica
Two new Certificates now present themselves on the DCs.
Thanks again for your time in confirming things here.
ASKER
Do you know if I need to generate a new signing key ? I assume not, unless there's a specific reason for doing so.
Thanks
key.JPG