All My Issued Certs are going to Expire in 29 Days!!!

[Scott Townsend]

I have a MS 2000 AD DC with the Certificate Server installed in Stand-alone
mode.

When ever anyone gets a Cert the Expiration date and Time is always the
same, no matter when the Cert was Issued.

Whets up with that? I though the default time for the Cert was determined
when you installed the server. It asked how long you wanted the Certs to be
valid when issued, its normally like 2 years or something.

All mine are the same...

Please, any help would be appreciated. My best hope is if I can extend the
life of the Existing Certs. I really don't want to have to have everyone get
a new one, though if that's the case I can get it done.

Thanks,
Scott<-

 

[David Cross [MS]]

when does the issuing CA expire? It is likely restricting the validity of
all certs as its lifetime is shorter than the EE cert lifetime.

 

[Scott Townsend]

That was the Case, the CA was to expire on the same day.

I renewed the CA, though its only for a year. Is there a way to make it
longer, though restrict the certs that are issued to the clients only last a
year?

Thanks,
Scott<-

when does the issuing CA expire? It is likely restricting the validity of
all certs as its lifetime is shorter than the EE cert lifetime.



--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

I have a MS 2000 AD DC with the Certificate Server installed in Stand-alone
mode.

When ever anyone gets a Cert the Expiration date and Time is always the
same, no matter when the Cert was Issued.

Whets up with that? I though the default time for the Cert was determined
when you installed the server. It asked how long you wanted the Certs to be
valid when issued, its normally like 2 years or something.

All mine are the same...

Please, any help would be appreciated. My best hope is if I can extend the
life of the Existing Certs. I really don't want to have to have everyone get
a new one, though if that's the case I can get it done.

Thanks,
Scott<-

 

[David Cross [MS]]

yes, you can add a longer renewal period in a capolicy.inf file and then do
the renewal. examples:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

That was the Case, the CA was to expire on the same day.

I renewed the CA, though its only for a year. Is there a way to make it
longer, though restrict the certs that are issued to the clients only last a
year?

Thanks,
Scott<-

when does the issuing CA expire? It is likely restricting the validity of
all certs as its lifetime is shorter than the EE cert lifetime.



--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

I have a MS 2000 AD DC with the Certificate Server installed in Stand-alone
mode.

When ever anyone gets a Cert the Expiration date and Time is always the
same, no matter when the Cert was Issued.

Whets up with that? I though the default time for the Cert was determined
when you installed the server. It asked how long you wanted the Certs

to
be

valid when issued, its normally like 2 years or something.

All mine are the same...

Please, any help would be appreciated. My best hope is if I can

extend
the

life of the Existing Certs. I really don't want to have to have

everyone
get

a new one, though if that's the case I can get it done.

Thanks,
Scott<-