CA Issue

[Scott25]

CSP: eToken base Cryptographic Provider

The smart cards do hold the certificates, but I am not
quite sure from a technical perspective how VPN works.
We set up a VPN connection that uses the smart cards
which hold the certificate. The root certificate also
has to be loaded on to the computer that is VPN'd in.
The VPN is based on the smart cards though.

 

[Miha Pihler]

Scott,

Sorry, but I can't seem to find a way around this... One solution would be
to migrate to Windows 2003 Enterprise CA. There you can edit templates and
change validity period.

Mike

 

[Amjad.]

One more thing. MS CA will not issue a user certificate
whose expiration will be BEYOND the issuing authority
certificate.

If you use 2003 online CA, it contains templates. You may
create a new template by copying an already available one
and modify the validty period issued using the template.
--Amjad.

 

[Miha Pihler]

It's 2000 CA.

If e.g. CA cert is valid till e.g. 1.9.2006 and you have policy (template)
that should issue certificate for 5 years CA will create a certificate that
will be valid for 1.9.2006.

Mike