Re: Microsoft Certificate Expiry Date

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/05/04 

Date: Thu, 5 Aug 2004 19:18:52 +0200

Hi,

It is probably RootCA -- but it depends on how many CAs you have (you can
have RootCA and then subordinate CAs)...

You can't change RootCA certificate (you can't edit it). For one reason it
is digitally signed and if you edit it it won't be valid any more -- but
then again this is whole point of PKI.

What you can do is renew existing RootCA certificate... Open CA MMC and
right click on CA server. Select All Tasks -> Renew CA Certificate... Note
that this will create NEW RootCA certificate -- for next two years (or
depending on your configuration)...

Mike

"Mike" <Mike@discussions.microsoft.com> wrote in message
news:B6862229-452D-4EC6-B8AC-B7A8F18A0947@microsoft.com...
> Miha,
> Thank you for your response.
> When you refere to CA server is it the same as ROOT CA?
> If so then Yes our root CA has been set up to expire in two years and I
was wondering if we could change the expiry date for the Root CA with out
recreating a new Root Server or reinstalling the Certificate Server.
>
> "Miha Pihler" wrote:
>
> > Hi Mike,
> >
> > This depends on validity of your CA server. If you CA server is valid
for
> > only two years then no it is not possible to issue certificates for
longer
> > then that. There would be no point in issuing certificates for e.g. 5
years
> > if CA certificate is valid for only 2 years. Such certificate would fail
on
> > trust check (CRL)...
> >
> > Mike
> >
> > "Mike" <Mike@discussions.microsoft.com> wrote in message
> > news:141A5534-8122-4D43-A336-7C395D97AAF6@microsoft.com...
> > > We have setup Microsoft Certificate Server (Windows 2000) and Any new
> > certificate we create expires after 2 years.
> > >
> > > Is there a way to change the expiry date without re-installing the
> > certifica server?
> >
> >
> >

Relevant Pages