Certificate request only 2 years

Certificate request only 2 years
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Certificate request only 2 years Mr.B 12-05-2007
Posted by =?Utf-8?B?TXIuQg==?= on December 5, 2007, 9:59 am
If you were  Registered and logged in, you could reply and use other advanced thread options
How can extend certificate request for more than two years for computer
certificate.
I have Enterprise Ca that is valid for 10 years, but computer certificate is
only valid for two years.
I have windows 2003 RS Standard server, and I have Enterprise CA.
Enrolment is only for V1 certificate. If I edit template for Computer
Certificate, than it become v2, and I can not use it, for enrolment.


Posted by Brian Komar on December 5, 2007, 1:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
You cannot.
It is hard coded in the certificate template, and as mentioned earlier, you
cannot issue v2 certificates from Standard Edition.
There is another setting though that will affect your validity periods.

certutil -setreg ca\ValidityPeriodUnits 4
certutil -setreg ca\ValidityPeriod "Years"
net stop certsvc && net start certsvc

This will set the maximum lifetime of certificates issued by the CA to 4
years (for example). But it will be the lesser of the template setting and
the Validity Period settings above.
Brian

> How can extend certificate request for more than two years for computer
> certificate.
> I have Enterprise Ca that is valid for 10 years, but computer certificate
> is
> only valid for two years.
> I have windows 2003 RS Standard server, and I have Enterprise CA.
> Enrolment is only for V1 certificate. If I edit template for Computer
> Certificate, than it become v2, and I can not use it, for enrolment.
>


Posted by =?Utf-8?B?TXIuQg==?= on December 6, 2007, 2:32 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I will test and i will replay to you.

"Brian Komar" wrote:

> You cannot.
> It is hard coded in the certificate template, and as mentioned earlier, you
> cannot issue v2 certificates from Standard Edition.
> There is another setting though that will affect your validity periods.
>
> certutil -setreg ca\ValidityPeriodUnits 4
> certutil -setreg ca\ValidityPeriod "Years"
> net stop certsvc && net start certsvc
>
> This will set the maximum lifetime of certificates issued by the CA to 4
> years (for example). But it will be the lesser of the template setting and
> the Validity Period settings above.
> Brian
>
> > How can extend certificate request for more than two years for computer
> > certificate.
> > I have Enterprise Ca that is valid for 10 years, but computer certificate
> > is
> > only valid for two years.
> > I have windows 2003 RS Standard server, and I have Enterprise CA.
> > Enrolment is only for V1 certificate. If I edit template for Computer
> > Certificate, than it become v2, and I can not use it, for enrolment.
> >
>

Similar ThreadsPosted
Cannot Request Certificate February 27, 2007, 7:45 am
LDAPS--certificate request February 3, 2006, 12:44 pm
Certificate Request Question March 3, 2006, 10:31 am
Permissions requried to request a certificate. September 8, 2008, 9:07 pm
Automatic Certificate Request Setup Wizard May 24, 2006, 4:41 am
MS PKI: Special Subject Fields in certificate Request September 24, 2007, 6:04 am
How to request client certificate, non domain computers December 5, 2007, 9:39 am
Certificate Enrollment API: Request on behalf of another user February 13, 2008, 9:02 pm
how to issue certificates based on the content of certificate request January 25, 2008, 5:28 pm
Certificate request file syntex for critical extensions February 27, 2008, 12:29 pm

The site map in XML format XML site map

Contact Us | Privacy Policy