• Status: Solved

Windows 2012 R2 SubCA Certificate Renewal

My Windows 2012 R2 SubCA will be coming up for renewal in the next 30 days, and I plan on renewing it and keeping the existing private key. My question is: if I plan on taking care of this before the current cert expires, what will happen to the certs that have already been issued to clients? The certificate chain references the current cert; will they still be valid once the current cert expires?
Asked:
compdigit44
 
David Johnson, CD, MVP (Owner) Commented:
Just renew the certificate; only the valid-from and valid-to dates will change. When someone looks at your certificate chain, they will check that the CA chain has not expired. If you revoke and then create a new certificate, then everything underneath it needs to be reissued to be valid.
 
compdigit44 (Author) Commented:
But from my understanding, when a cert is issued it is bound to a root and SubCA chain, and when a cert is renewed its thumbprint changes?
 
David Johnson, CD, MVP (Owner) Commented:
Yes, the thumbprint will change.

Is your root CA also going to expire soon?
 
compdigit44 (Author) Commented:
No, just my issuing SubCA. I just want to be certain that certs issued for clients that are still valid will work with the new SubCA cert.
 
compdigit44 (Author) Commented:
I know it is the weekend, but I was wondering if anyone could shed further insight on my question.
 
David Johnson, CD, MVP (Owner) Commented:
Here is the sequence of events when something presents a certificate:
  1. You check that the certificate matches the credentials they presented.
  2. Is the current date within the range of their not-before and not-after dates?
  3. Has the certificate been revoked by the issuer? Y/N. If not revoked, continue.
  4. Certificate seems good so far.
  5. Do we trust the issuing CA (yes/no)?
  6. Has the issuing CA cert been revoked? Y/N. If not revoked, continue.
  7. Do we trust the root CA? If yes, then all is good; let's get to work.
Question has a verified solution.
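
The situation discussed in this thread (a SubCA certificate renewed with the existing key gets a new thumbprint, and the question is whether certificates already issued still chain to it) can be reproduced in a throwaway lab. This is an added example, not part of the original thread: it uses OpenSSL rather than AD CS, and every name, serial number and lifetime in it is constructed.

```sh
#!/bin/sh
# Added lab example: throwaway keys and constructed names, built with OpenSSL (not AD CS).
set -eu
lab=$(mktemp -d); trap 'rm -rf "$lab"' EXIT; cd "$lab"
q() { "$@" >/dev/null 2>&1; }   # run a command quietly
sign() { # sign <csr> <issuer-cert> <issuer-key> <serial> <days> <extfile> <out>
  q openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -set_serial "$4" -days "$5" -extfile "$6" -out "$7"
}

build_lab() {
  printf 'basicConstraints=critical,CA:TRUE\nsubjectKeyIdentifier=hash\n' > ca.ext
  printf 'authorityKeyIdentifier=keyid\n' > leaf.ext
  # Root CA (trust anchor).
  q openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem -subj "/CN=Lab Root CA" -days 3650
  # SubCA key pair that is kept across the renewal.
  q openssl genrsa -out sub.key 2048
  q openssl req -new -key sub.key -subj "/CN=Lab Issuing SubCA" -out sub.csr
  sign sub.csr root.pem root.key 1 30 ca.ext sub_old.pem         # current SubCA cert
  sign sub.csr root.pem root.key 2 1825 ca.ext sub_renewed.pem   # renewal, same key
  # Control: same subject name but a different key pair.
  q openssl genrsa -out other.key 2048
  q openssl req -new -key other.key -subj "/CN=Lab Issuing SubCA" -out other.csr
  sign other.csr root.pem root.key 3 1825 ca.ext sub_newkey.pem
  # Client cert issued before the renewal, signed with the SubCA key.
  q openssl req -newkey rsa:2048 -nodes -keyout leaf.key -subj "/CN=client01.lab.example" -out leaf.csr
  sign leaf.csr sub_old.pem sub.key 100 20 leaf.ext leaf.pem
}

thumbprint() { openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2; }
key_hash()   { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'; }
# Does the already-issued client cert chain to the root through SubCA cert $1?
chains_via() {
  if q openssl verify -CAfile root.pem -untrusted "$1" leaf.pem; then echo yes; else echo no; fi
}

build_lab
for ca in sub_old.pem sub_renewed.pem sub_newkey.pem; do
  printf '%-16s thumbprint=%s key=%.16s leaf_chains=%s\n' \
    "$ca" "$(thumbprint "$ca")" "$(key_hash "$ca")" "$(chains_via "$ca")"
done
```

The old and renewed SubCA certificates print different thumbprints but the same key hash, and the client certificate chains through either one; it does not chain through the control certificate, which carries a different key.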
