Windows 2012 R2 SubCA Certificate Renewal

My WIndows 2012 R2 SubCA will be coming up for renewal in the next 30 days and place an renewing it and keeping the existing private key. My question is I place on taking care of this before the current cert expires what will happen to the certs that have already been issued to clients? The certificate chain references the current cert will they still be valid once the current cert expires?
LVL 21
compdigit44Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
just renew the certificate, only the valid from and to dates will change. when someone looks at your certificate chain they will check that the CA chain has not expired. if you revoke and then create a new certificate then everything underneath it needs to be reissued to be valid
0
compdigit44Author Commented:
But from my understand when I cert if issued is it both to a root m subca chain and when I cert if renewed its thumb print changes????
0
David Johnson, CD, MVPOwnerCommented:
yes the thumbprint will change

Is your root CA also going to expire soon?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

compdigit44Author Commented:
no just my issue subca. I just want to be certain that issue certs for clients will are still valid will work with the new subca cert
0
compdigit44Author Commented:
I know it is the weekend, but want wondering if anyone for shed further insight on my question.
0
David Johnson, CD, MVPOwnerCommented:
here is the sequence of events something presents a certificate
  1. you check that the certificate matches the credentials they presented
  2. is the current date within the range of their not-before and not after dates
  3. has the certificate been revoked by the issuer? Y/N if not revoked continue
  4. Certificate seems good so far
  5. Do we trust the issuing CA (yes/no)
  6. has the issuing CA Cert been revoked Y/N if not revoked continue
  7. do we trust the root CA if yes then all is good lets get to work
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.