Re: Win2003 CA Cert Renewal


anonymous_at_discussions.microsoft.com
Date: 10/04/04


Date: Mon, 4 Oct 2004 14:09:42 -0700

Mike, thanks for the detailed answer.

>-----Original Message-----
>Hi,
>
>If you renew the CA certificate it will use the new key as well as any
>unexpired previous keys corresponding to previous certificates when
>generating revocation information (CRLs). Therefore, a CA may be using
>multiple keys at the same time and will publish multiple CRLs
>corresponding to those keys.
>
>So, you may continue to use existing keys that are distributed to your
>users/clients until they expire...
>
>For additional information check out these resources:
>
>Windows Server 2003 PKI Operations Guide
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
>
>Implementing and Administering Certificate Templates in Windows Server 2003
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx
>
>Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
>Infrastructure
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>
>PKI Enhancements in Windows XP Professional and Windows Server 2003
>http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx
>
>Managing a Windows Server 2003 Public Key Infrastructure
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx
>
>Advanced Certificate Enrollment and Management
>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
>
>Mike
>
>"MC" <anonymous@discussions.microsoft.com> wrote in message
>news:0cb201c4a7f3$216b7b00$a501280a@phx.gbl...
>> Hi,
>>
>> Windows Server 2003 Certification Authority
>> Windows XP SP1 Clients
>> 2 CAs: RootCA offline, Subordinate enterprise CA (signed by RootCA)
>>
>> What will happen if I renew the Certificate of my
>> Enterprise subordinate CA?
>> Do I have to renew all client certificates (e.g. stored
>> on smart cards for windows logon or s/mime encryption) at
>> the same time?
>>
>> Is there any way that the user certificates on smart
>> cards renew automatically their certificates and private
>> keys?
>>
>> Thanks for answers.
>
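
The behaviour described in the quoted answer (one CRL per CA key that still has an unexpired CA certificate), as an added example that is not part of the thread or of Microsoft's documentation. It relies on two Microsoft CA conventions the thread does not mention: the "CA Version" certificate extension, which packs the certificate index and key index into one integer, and the `(n)` key-index suffix on CRL file names. The CA name `SubCA`, the dates and the renewal history are constructed.

```python
from datetime import date

CA_VERSION_OID = "1.3.6.1.4.1.311.21.1"  # Microsoft "CA Version" extension

def decode_ca_version(der):
    """Decode the DER INTEGER carried in the CA Version extension.
    Low 16 bits = CA certificate index, high 16 bits = CA key index."""
    if len(der) < 3 or der[0] != 0x02 or der[1] != len(der) - 2 or der[1] > 4:
        raise ValueError("not a short-form DER INTEGER of at most 4 bytes")
    value = int.from_bytes(der[2:], "big", signed=True)
    if value < 0:
        raise ValueError("negative CA Version")
    return value & 0xFFFF, value >> 16

def crl_file(ca_name, key_index):
    """CRL file name: key index 0 has no suffix, later keys get "(n)"."""
    return f"{ca_name}.crl" if key_index == 0 else f"{ca_name}({key_index}).crl"

def active_crls(ca_name, ca_certs, today):
    """CRLs the CA still publishes on `today`: one per key that has at
    least one unexpired CA certificate (simplified model of the answer)."""
    keys = set()
    for der, not_after in ca_certs:
        _cert_index, key_index = decode_ca_version(der)
        if not_after >= today:
            keys.add(key_index)
    return [crl_file(ca_name, k) for k in sorted(keys)]

# Constructed history: (CA Version extension value, CA certificate expiry)
HISTORY = [
    (bytes.fromhex("020100"), date(2005, 6, 1)),      # V0.0 original
    (bytes.fromhex("020101"), date(2007, 6, 1)),      # V1.0 renewed, same key
    (bytes.fromhex("0203020002"), date(2010, 6, 1)),  # V2.2 renewed, new key
]

if __name__ == "__main__":
    for day in (date(2004, 10, 4), date(2008, 1, 1)):
        print(day, active_crls("SubCA", HISTORY, day))
```

Certificates issued under the old key carry CRL distribution points for the unsuffixed CRL, so they stay verifiable for as long as that CRL keeps being published.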


