My client has installed a Enterprise certificate few months ago and let the CA's vilid period to be 3 years in the installation. I noticed the template's valid period was set or defaulted to three years. Then a certificate was duplicated from that template for servers and PCs. Also GPO was configured to auto-enroll.
My understanding is that cert is being issued to PCs and servers and will be replaced after three years when the cert expires, and also if i install a new server today and that server will get cert to cover three years from today, I might be wrong to assume that. Not sure what that CA valid period is doing here and what the template expire date?
Experts out there,
1. If CA's valid period and template expire/valid period are same then How do I extend the CA's valid period to 5 or six years?
2. Does the CA get the same certificate as rest of the servers and PC, that is, the root certificate is same as the rest of the servers?
I would appreciate if you shed light on these.