In one of my customer's environment, the CA root certificate is about to expire in couple months. By saying CA root certificate, I mean if you right click the "Properties" in the Certification Authority mmc snap-in, the CA certificate that shown as "Certificate #0" (apology, please forgive my limited knowledge on certificate service).
The environment is running in Windows 2008R2 AD.
I read this document regarding auto renewing of certificate
I want to figure out if this root certificate would renew itself upon expiring. So I setup a lab and test the group policies mentioned in the previous link.
However, I found that the CA root certificate didn't renew itself in my test environment.
So, my questions:
- How to make the CA root certificate renew itself
- In my test lab, the CA root certificate expired, but it didn't seem to have any impact on client machine login, exchange service etc .... so, in fact, apart from issuing certificates within the domain, what else does the CA root certificate do?