CA Issue

Archived from groups: microsoft.public.win2000.security (More info?)

My main certificate was set to expire on September 10,
2004. I renewed the certificate with the same private
key, and it is now set to expire on Sep 1, 2006
(basically 2 years from today) This seemed to work
correctly. When I now issue a new certificate to a smart
card for VPN purposes, it gives the certificate an
expiration date of Sep 1, 2005 (A year before the base
certificate is set to expire).

I don't want to have to renew all the company's VPN keys
in a year. How can I set the expiration date to the same
as the root cert?
23 answers Last reply
More about issue
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Scott,

    How To Change the Expiration Date of Certificates That Are Issued by a
    Windows Server 2003 or a Windows 2000 Server Certificate Authority
    http://support.microsoft.com/default.aspx?scid=kb;en-us;254632&Product=win2000

    Feel free to post back if you have any questions regarding this.

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    > My main certificate was set to expire on September 10,
    > 2004. I renewed the certificate with the same private
    > key, and it is now set to expire on Sep 1, 2006
    > (basically 2 years from today) This seemed to work
    > correctly. When I now issue a new certificate to a smart
    > card for VPN purposes, it gives the certificate an
    > expiration date of Sep 1, 2005 (A year before the base
    > certificate is set to expire).
    >
    > I don't want to have to renew all the company's VPN keys
    > in a year. How can I set the expiration date to the same
    > as the root cert?
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for the article. I followed it and discovered
    that everything in my registry was already set correctly.

    My root certificate is correctly being issued with a 2
    year expiration date.

    My problem is that all the certificates that I issue to
    my VPN keys that are based on that root certificate have
    an expiration date of only 1 year. I don't understand
    why these would have a different expiration date.

    Any other thoughts? Thanks for all your help.

    >-----Original Message-----
    >Hi Scott,
    >
    >How To Change the Expiration Date of Certificates That
    Are Issued by a
    >Windows Server 2003 or a Windows 2000 Server Certificate
    Authority
    >http://support.microsoft.com/default.aspx?scid=kb;en-
    us;254632&Product=win2000
    >
    >Feel free to post back if you have any questions
    regarding this.
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    >> My main certificate was set to expire on September 10,
    >> 2004. I renewed the certificate with the same private
    >> key, and it is now set to expire on Sep 1, 2006
    >> (basically 2 years from today) This seemed to work
    >> correctly. When I now issue a new certificate to a
    smart
    >> card for VPN purposes, it gives the certificate an
    >> expiration date of Sep 1, 2005 (A year before the base
    >> certificate is set to expire).
    >>
    >> I don't want to have to renew all the company's VPN
    keys
    >> in a year. How can I set the expiration date to the
    same
    >> as the root cert?
    >
    >
    >.
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Scott,

    What value do you have under "ValidityPeriodUnits" Registry Key?

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > Thanks for the article. I followed it and discovered
    > that everything in my registry was already set correctly.
    >
    > My root certificate is correctly being issued with a 2
    > year expiration date.
    >
    > My problem is that all the certificates that I issue to
    > my VPN keys that are based on that root certificate have
    > an expiration date of only 1 year. I don't understand
    > why these would have a different expiration date.
    >
    > Any other thoughts? Thanks for all your help.
    >
    > >-----Original Message-----
    > >Hi Scott,
    > >
    > >How To Change the Expiration Date of Certificates That
    > Are Issued by a
    > >Windows Server 2003 or a Windows 2000 Server Certificate
    > Authority
    > >http://support.microsoft.com/default.aspx?scid=kb;en-
    > us;254632&Product=win2000
    > >
    > >Feel free to post back if you have any questions
    > regarding this.
    > >
    > >Mike
    > >
    > >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    > >> My main certificate was set to expire on September 10,
    > >> 2004. I renewed the certificate with the same private
    > >> key, and it is now set to expire on Sep 1, 2006
    > >> (basically 2 years from today) This seemed to work
    > >> correctly. When I now issue a new certificate to a
    > smart
    > >> card for VPN purposes, it gives the certificate an
    > >> expiration date of Sep 1, 2005 (A year before the base
    > >> certificate is set to expire).
    > >>
    > >> I don't want to have to renew all the company's VPN
    > keys
    > >> in a year. How can I set the expiration date to the
    > same
    > >> as the root cert?
    > >
    > >
    > >.
    > >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Years.

    >-----Original Message-----
    >Scott,
    >
    >What value do you have under "ValidityPeriodUnits"
    Registry Key?
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    >> Thanks for the article. I followed it and discovered
    >> that everything in my registry was already set
    correctly.
    >>
    >> My root certificate is correctly being issued with a 2
    >> year expiration date.
    >>
    >> My problem is that all the certificates that I issue to
    >> my VPN keys that are based on that root certificate
    have
    >> an expiration date of only 1 year. I don't understand
    >> why these would have a different expiration date.
    >>
    >> Any other thoughts? Thanks for all your help.
    >>
    >> >-----Original Message-----
    >> >Hi Scott,
    >> >
    >> >How To Change the Expiration Date of Certificates That
    >> Are Issued by a
    >> >Windows Server 2003 or a Windows 2000 Server
    Certificate
    >> Authority
    >> >http://support.microsoft.com/default.aspx?scid=kb;en-
    >> us;254632&Product=win2000
    >> >
    >> >Feel free to post back if you have any questions
    >> regarding this.
    >> >
    >> >Mike
    >> >
    >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    in
    >> message
    >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    >> >> My main certificate was set to expire on September
    10,
    >> >> 2004. I renewed the certificate with the same
    private
    >> >> key, and it is now set to expire on Sep 1, 2006
    >> >> (basically 2 years from today) This seemed to work
    >> >> correctly. When I now issue a new certificate to a
    >> smart
    >> >> card for VPN purposes, it gives the certificate an
    >> >> expiration date of Sep 1, 2005 (A year before the
    base
    >> >> certificate is set to expire).
    >> >>
    >> >> I don't want to have to renew all the company's VPN
    >> keys
    >> >> in a year. How can I set the expiration date to the
    >> same
    >> >> as the root cert?
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    In article <3aa601c48f92$bc102b70$a601280a@phx.gbl>, in the
    microsoft.public.win2000.security news group, Scott25
    <anonymous@discussions.microsoft.com> says...

    > Thanks for the article. I followed it and discovered
    > that everything in my registry was already set correctly.
    >
    > My root certificate is correctly being issued with a 2
    > year expiration date.
    >
    > My problem is that all the certificates that I issue to
    > my VPN keys that are based on that root certificate have
    > an expiration date of only 1 year. I don't understand
    > why these would have a different expiration date.
    >
    > Any other thoughts? Thanks for all your help.
    >

    As per the article, there are 3 factors that affect how long a
    certificate is valid for. Which template are you using for your
    certificate? Have you looked at the properties of that template to see
    its validity period? I'll bet it is set for 1 year. Also, what operating
    system is your CA installed on?

    --
    Paul Adare
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    It is a Windows 2000 Server. It is the only CA in the
    network. How do I check the properties of the template?

    >-----Original Message-----
    >In article <3aa601c48f92$bc102b70$a601280a@phx.gbl>, in
    the
    >microsoft.public.win2000.security news group, Scott25
    ><anonymous@discussions.microsoft.com> says...
    >
    >> Thanks for the article. I followed it and discovered
    >> that everything in my registry was already set
    correctly.
    >>
    >> My root certificate is correctly being issued with a 2
    >> year expiration date.
    >>
    >> My problem is that all the certificates that I issue
    to
    >> my VPN keys that are based on that root certificate
    have
    >> an expiration date of only 1 year. I don't understand
    >> why these would have a different expiration date.
    >>
    >> Any other thoughts? Thanks for all your help.
    >>
    >
    >As per the article, there are 3 factors that affect how
    long a
    >certificate is valid for. Which template are you using
    for your
    >certificate? Have you looked at the properties of that
    template to see
    >its validity period? I'll bet it is set for 1 year.
    Also, what operating
    >system is your CA installed on?
    >
    >--
    >Paul Adare
    >This posting is provided "AS IS" with no warranties, and
    confers no
    >rights.
    >.
    >
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    I think you are looking at wrong values:

    Under
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<
    CAName>

    Set this values like this:

    REG_SZ ValidityPeriod Years
    REG_DWORD ValidityPeriodUnits 2

    (default value for REG_DWORD ValidityPeriodUnits is 1 )

    Again check the posted article again! Also check Paul's post!

    Mike

    <anonymous@discussions.microsoft.com> wrote in message
    news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > Years.
    >
    > >-----Original Message-----
    > >Scott,
    > >
    > >What value do you have under "ValidityPeriodUnits"
    > Registry Key?
    > >
    > >Mike
    > >
    > >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > >> Thanks for the article. I followed it and discovered
    > >> that everything in my registry was already set
    > correctly.
    > >>
    > >> My root certificate is correctly being issued with a 2
    > >> year expiration date.
    > >>
    > >> My problem is that all the certificates that I issue to
    > >> my VPN keys that are based on that root certificate
    > have
    > >> an expiration date of only 1 year. I don't understand
    > >> why these would have a different expiration date.
    > >>
    > >> Any other thoughts? Thanks for all your help.
    > >>
    > >> >-----Original Message-----
    > >> >Hi Scott,
    > >> >
    > >> >How To Change the Expiration Date of Certificates That
    > >> Are Issued by a
    > >> >Windows Server 2003 or a Windows 2000 Server
    > Certificate
    > >> Authority
    > >> >http://support.microsoft.com/default.aspx?scid=kb;en-
    > >> us;254632&Product=win2000
    > >> >
    > >> >Feel free to post back if you have any questions
    > >> regarding this.
    > >> >
    > >> >Mike
    > >> >
    > >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    > in
    > >> message
    > >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    > >> >> My main certificate was set to expire on September
    > 10,
    > >> >> 2004. I renewed the certificate with the same
    > private
    > >> >> key, and it is now set to expire on Sep 1, 2006
    > >> >> (basically 2 years from today) This seemed to work
    > >> >> correctly. When I now issue a new certificate to a
    > >> smart
    > >> >> card for VPN purposes, it gives the certificate an
    > >> >> expiration date of Sep 1, 2005 (A year before the
    > base
    > >> >> certificate is set to expire).
    > >> >>
    > >> >> I don't want to have to renew all the company's VPN
    > >> keys
    > >> >> in a year. How can I set the expiration date to the
    > >> same
    > >> >> as the root cert?
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  8. Archived from groups: microsoft.public.win2000.security (More info?)

    I just doublechecked to make sure I was looking at the
    right values and those are the exact values I have. Under
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSv
    c\Configuration\"Certifcate Name"

    I have
    Validity Period REG_SZ Years
    Validity Period Units REG_DWORD 2

    Thanks for all your help, but I am still not sure what I
    am doing wrong.

    >-----Original Message-----
    >I think you are looking at wrong values:
    >
    >Under
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    vc\Configuration\<
    >CAName>
    >
    >Set this values like this:
    >
    >REG_SZ ValidityPeriod Years
    >REG_DWORD ValidityPeriodUnits 2
    >
    >(default value for REG_DWORD ValidityPeriodUnits is 1 )
    >
    >Again check the posted article again! Also check Paul's
    post!
    >
    >Mike
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >> Years.
    >>
    >> >-----Original Message-----
    >> >Scott,
    >> >
    >> >What value do you have under "ValidityPeriodUnits"
    >> Registry Key?
    >> >
    >> >Mike
    >> >
    >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    in
    >> message
    >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    >> >> Thanks for the article. I followed it and discovered
    >> >> that everything in my registry was already set
    >> correctly.
    >> >>
    >> >> My root certificate is correctly being issued with a
    2
    >> >> year expiration date.
    >> >>
    >> >> My problem is that all the certificates that I issue
    to
    >> >> my VPN keys that are based on that root certificate
    >> have
    >> >> an expiration date of only 1 year. I don't
    understand
    >> >> why these would have a different expiration date.
    >> >>
    >> >> Any other thoughts? Thanks for all your help.
    >> >>
    >> >> >-----Original Message-----
    >> >> >Hi Scott,
    >> >> >
    >> >> >How To Change the Expiration Date of Certificates
    That
    >> >> Are Issued by a
    >> >> >Windows Server 2003 or a Windows 2000 Server
    >> Certificate
    >> >> Authority
    >> >> >http://support.microsoft.com/default.aspx?
    scid=kb;en-
    >> >> us;254632&Product=win2000
    >> >> >
    >> >> >Feel free to post back if you have any questions
    >> >> regarding this.
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    wrote
    >> in
    >> >> message
    >> >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    >> >> >> My main certificate was set to expire on September
    >> 10,
    >> >> >> 2004. I renewed the certificate with the same
    >> private
    >> >> >> key, and it is now set to expire on Sep 1, 2006
    >> >> >> (basically 2 years from today) This seemed to
    work
    >> >> >> correctly. When I now issue a new certificate to
    a
    >> >> smart
    >> >> >> card for VPN purposes, it gives the certificate an
    >> >> >> expiration date of Sep 1, 2005 (A year before the
    >> base
    >> >> >> certificate is set to expire).
    >> >> >>
    >> >> >> I don't want to have to renew all the company's
    VPN
    >> >> keys
    >> >> >> in a year. How can I set the expiration date to
    the
    >> >> same
    >> >> >> as the root cert?
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  9. Archived from groups: microsoft.public.win2000.security (More info?)

    How do you have this CA setup? Is this an Enterprise Root CA or Standalone
    Root CA?

    Mike

    <anonymous@discussions.microsoft.com> wrote in message
    news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > I just doublechecked to make sure I was looking at the
    > right values and those are the exact values I have. Under
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSv
    > c\Configuration\"Certifcate Name"
    >
    > I have
    > Validity Period REG_SZ Years
    > Validity Period Units REG_DWORD 2
    >
    > Thanks for all your help, but I am still not sure what I
    > am doing wrong.
    >
    > >-----Original Message-----
    > >I think you are looking at wrong values:
    > >
    > >Under
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > vc\Configuration\<
    > >CAName>
    > >
    > >Set this values like this:
    > >
    > >REG_SZ ValidityPeriod Years
    > >REG_DWORD ValidityPeriodUnits 2
    > >
    > >(default value for REG_DWORD ValidityPeriodUnits is 1 )
    > >
    > >Again check the posted article again! Also check Paul's
    > post!
    > >
    > >Mike
    > >
    > ><anonymous@discussions.microsoft.com> wrote in message
    > >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > >> Years.
    > >>
    > >> >-----Original Message-----
    > >> >Scott,
    > >> >
    > >> >What value do you have under "ValidityPeriodUnits"
    > >> Registry Key?
    > >> >
    > >> >Mike
    > >> >
    > >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    > in
    > >> message
    > >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > >> >> Thanks for the article. I followed it and discovered
    > >> >> that everything in my registry was already set
    > >> correctly.
    > >> >>
    > >> >> My root certificate is correctly being issued with a
    > 2
    > >> >> year expiration date.
    > >> >>
    > >> >> My problem is that all the certificates that I issue
    > to
    > >> >> my VPN keys that are based on that root certificate
    > >> have
    > >> >> an expiration date of only 1 year. I don't
    > understand
    > >> >> why these would have a different expiration date.
    > >> >>
    > >> >> Any other thoughts? Thanks for all your help.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >Hi Scott,
    > >> >> >
    > >> >> >How To Change the Expiration Date of Certificates
    > That
    > >> >> Are Issued by a
    > >> >> >Windows Server 2003 or a Windows 2000 Server
    > >> Certificate
    > >> >> Authority
    > >> >> >http://support.microsoft.com/default.aspx?
    > scid=kb;en-
    > >> >> us;254632&Product=win2000
    > >> >> >
    > >> >> >Feel free to post back if you have any questions
    > >> >> regarding this.
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    > wrote
    > >> in
    > >> >> message
    > >> >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    > >> >> >> My main certificate was set to expire on September
    > >> 10,
    > >> >> >> 2004. I renewed the certificate with the same
    > >> private
    > >> >> >> key, and it is now set to expire on Sep 1, 2006
    > >> >> >> (basically 2 years from today) This seemed to
    > work
    > >> >> >> correctly. When I now issue a new certificate to
    > a
    > >> >> smart
    > >> >> >> card for VPN purposes, it gives the certificate an
    > >> >> >> expiration date of Sep 1, 2005 (A year before the
    > >> base
    > >> >> >> certificate is set to expire).
    > >> >> >>
    > >> >> >> I don't want to have to renew all the company's
    > VPN
    > >> >> keys
    > >> >> >> in a year. How can I set the expiration date to
    > the
    > >> >> same
    > >> >> >> as the root cert?
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  10. Archived from groups: microsoft.public.win2000.security (More info?)

    It says Enterprise Root CA. It is the only CA on our
    network.

    >-----Original Message-----
    >How do you have this CA setup? Is this an Enterprise Root
    CA or Standalone
    >Root CA?
    >
    >Mike
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> I just doublechecked to make sure I was looking at the
    >> right values and those are the exact values I have.
    Under
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSv
    >> c\Configuration\"Certifcate Name"
    >>
    >> I have
    >> Validity Period REG_SZ Years
    >> Validity Period Units REG_DWORD 2
    >>
    >> Thanks for all your help, but I am still not sure what I
    >> am doing wrong.
    >>
    >> >-----Original Message-----
    >> >I think you are looking at wrong values:
    >> >
    >> >Under
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> vc\Configuration\<
    >> >CAName>
    >> >
    >> >Set this values like this:
    >> >
    >> >REG_SZ ValidityPeriod Years
    >> >REG_DWORD ValidityPeriodUnits 2
    >> >
    >> >(default value for REG_DWORD ValidityPeriodUnits is 1 )
    >> >
    >> >Again check the posted article again! Also check Paul's
    >> post!
    >> >
    >> >Mike
    >> >
    >> ><anonymous@discussions.microsoft.com> wrote in message
    >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >> >> Years.
    >> >>
    >> >> >-----Original Message-----
    >> >> >Scott,
    >> >> >
    >> >> >What value do you have under "ValidityPeriodUnits"
    >> >> Registry Key?
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    wrote
    >> in
    >> >> message
    >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    >> >> >> Thanks for the article. I followed it and
    discovered
    >> >> >> that everything in my registry was already set
    >> >> correctly.
    >> >> >>
    >> >> >> My root certificate is correctly being issued
    with a
    >> 2
    >> >> >> year expiration date.
    >> >> >>
    >> >> >> My problem is that all the certificates that I
    issue
    >> to
    >> >> >> my VPN keys that are based on that root
    certificate
    >> >> have
    >> >> >> an expiration date of only 1 year. I don't
    >> understand
    >> >> >> why these would have a different expiration date.
    >> >> >>
    >> >> >> Any other thoughts? Thanks for all your help.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >Hi Scott,
    >> >> >> >
    >> >> >> >How To Change the Expiration Date of Certificates
    >> That
    >> >> >> Are Issued by a
    >> >> >> >Windows Server 2003 or a Windows 2000 Server
    >> >> Certificate
    >> >> >> Authority
    >> >> >> >http://support.microsoft.com/default.aspx?
    >> scid=kb;en-
    >> >> >> us;254632&Product=win2000
    >> >> >> >
    >> >> >> >Feel free to post back if you have any questions
    >> >> >> regarding this.
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    >> wrote
    >> >> in
    >> >> >> message
    >> >> >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    >> >> >> >> My main certificate was set to expire on
    September
    >> >> 10,
    >> >> >> >> 2004. I renewed the certificate with the same
    >> >> private
    >> >> >> >> key, and it is now set to expire on Sep 1, 2006
    >> >> >> >> (basically 2 years from today) This seemed to
    >> work
    >> >> >> >> correctly. When I now issue a new certificate
    to
    >> a
    >> >> >> smart
    >> >> >> >> card for VPN purposes, it gives the
    certificate an
    >> >> >> >> expiration date of Sep 1, 2005 (A year before
    the
    >> >> base
    >> >> >> >> certificate is set to expire).
    >> >> >> >>
    >> >> >> >> I don't want to have to renew all the company's
    >> VPN
    >> >> >> keys
    >> >> >> >> in a year. How can I set the expiration date
    to
    >> the
    >> >> >> same
    >> >> >> >> as the root cert?
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  11. Archived from groups: microsoft.public.win2000.security (More info?)

    It looks as Paul suggested that this 1 year limit is set in certificate
    template. This is not a problem if you have standalone CA setup.

    Unfortunately on Windows 2000 you can't edit (customize) templates. You can
    create customized templates on Windows 2003.

    Mike

    <anonymous@discussions.microsoft.com> wrote in message
    news:434b01c49030$f348c900$a301280a@phx.gbl...
    > It says Enterprise Root CA. It is the only CA on our
    > network.
    >
    > >-----Original Message-----
    > >How do you have this CA setup? Is this an Enterprise Root
    > CA or Standalone
    > >Root CA?
    > >
    > >Mike
    > >
    > ><anonymous@discussions.microsoft.com> wrote in message
    > >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > >> I just doublechecked to make sure I was looking at the
    > >> right values and those are the exact values I have.
    > Under
    > >>
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSv
    > >> c\Configuration\"Certifcate Name"
    > >>
    > >> I have
    > >> Validity Period REG_SZ Years
    > >> Validity Period Units REG_DWORD 2
    > >>
    > >> Thanks for all your help, but I am still not sure what I
    > >> am doing wrong.
    > >>
    > >> >-----Original Message-----
    > >> >I think you are looking at wrong values:
    > >> >
    > >> >Under
    > >>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > >> vc\Configuration\<
    > >> >CAName>
    > >> >
    > >> >Set this values like this:
    > >> >
    > >> >REG_SZ ValidityPeriod Years
    > >> >REG_DWORD ValidityPeriodUnits 2
    > >> >
    > >> >(default value for REG_DWORD ValidityPeriodUnits is 1 )
    > >> >
    > >> >Again check the posted article again! Also check Paul's
    > >> post!
    > >> >
    > >> >Mike
    > >> >
    > >> ><anonymous@discussions.microsoft.com> wrote in message
    > >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > >> >> Years.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >Scott,
    > >> >> >
    > >> >> >What value do you have under "ValidityPeriodUnits"
    > >> >> Registry Key?
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    > wrote
    > >> in
    > >> >> message
    > >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > >> >> >> Thanks for the article. I followed it and
    > discovered
    > >> >> >> that everything in my registry was already set
    > >> >> correctly.
    > >> >> >>
    > >> >> >> My root certificate is correctly being issued
    > with a
    > >> 2
    > >> >> >> year expiration date.
    > >> >> >>
    > >> >> >> My problem is that all the certificates that I
    > issue
    > >> to
    > >> >> >> my VPN keys that are based on that root
    > certificate
    > >> >> have
    > >> >> >> an expiration date of only 1 year. I don't
    > >> understand
    > >> >> >> why these would have a different expiration date.
    > >> >> >>
    > >> >> >> Any other thoughts? Thanks for all your help.
    > >> >> >>
    > >> >> >> >-----Original Message-----
    > >> >> >> >Hi Scott,
    > >> >> >> >
    > >> >> >> >How To Change the Expiration Date of Certificates
    > >> That
    > >> >> >> Are Issued by a
    > >> >> >> >Windows Server 2003 or a Windows 2000 Server
    > >> >> Certificate
    > >> >> >> Authority
    > >> >> >> >http://support.microsoft.com/default.aspx?
    > >> scid=kb;en-
    > >> >> >> us;254632&Product=win2000
    > >> >> >> >
    > >> >> >> >Feel free to post back if you have any questions
    > >> >> >> regarding this.
    > >> >> >> >
    > >> >> >> >Mike
    > >> >> >> >
    > >> >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    > >> wrote
    > >> >> in
    > >> >> >> message
    > >> >> >> >news:01bf01c48f89$a7d80460$a401280a@phx.gbl...
    > >> >> >> >> My main certificate was set to expire on
    > September
    > >> >> 10,
    > >> >> >> >> 2004. I renewed the certificate with the same
    > >> >> private
    > >> >> >> >> key, and it is now set to expire on Sep 1, 2006
    > >> >> >> >> (basically 2 years from today) This seemed to
    > >> work
    > >> >> >> >> correctly. When I now issue a new certificate
    > to
    > >> a
    > >> >> >> smart
    > >> >> >> >> card for VPN purposes, it gives the
    > certificate an
    > >> >> >> >> expiration date of Sep 1, 2005 (A year before
    > the
    > >> >> base
    > >> >> >> >> certificate is set to expire).
    > >> >> >> >>
    > >> >> >> >> I don't want to have to renew all the company's
    > >> VPN
    > >> >> >> keys
    > >> >> >> >> in a year. How can I set the expiration date
    > to
    > >> the
    > >> >> >> same
    > >> >> >> >> as the root cert?
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >.
    > >> >> >> >
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  12. Archived from groups: microsoft.public.win2000.security (More info?)

    Ok, I may not be able to get around it then. However, I
    know 2 years ago when they set this up, they issued VPN
    certificates that had a 2 year expiration period.
    Everyone who set this up is gone though, and we are not
    sure how they did this. Thanks for all your help though.

    >-----Original Message-----
    >It looks as Paul suggested that this 1 year limit is set
    in certificate
    >template. This is not a problem if you have standalone
    CA setup.
    >
    >Unfortunately on Windows 2000 you can't edit (customize)
    templates. You can
    >create customized templates on Windows 2003.
    >
    >Mike
    >
    ><anonymous@discussions.microsoft.com> wrote in message
    >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> It says Enterprise Root CA. It is the only CA on our
    >> network.
    >>
    >> >-----Original Message-----
    >> >How do you have this CA setup? Is this an Enterprise
    Root
    >> CA or Standalone
    >> >Root CA?
    >> >
    >> >Mike
    >> >
    >> ><anonymous@discussions.microsoft.com> wrote in message
    >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> >> I just doublechecked to make sure I was looking at
    the
    >> >> right values and those are the exact values I have.
    >> Under
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    v
    >> >> c\Configuration\"Certifcate Name"
    >> >>
    >> >> I have
    >> >> Validity Period REG_SZ Years
    >> >> Validity Period Units REG_DWORD 2
    >> >>
    >> >> Thanks for all your help, but I am still not sure
    what I
    >> >> am doing wrong.
    >> >>
    >> >> >-----Original Message-----
    >> >> >I think you are looking at wrong values:
    >> >> >
    >> >> >Under
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    S
    >> >> vc\Configuration\<
    >> >> >CAName>
    >> >> >
    >> >> >Set this values like this:
    >> >> >
    >> >> >REG_SZ ValidityPeriod Years
    >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >
    >> >> >(default value for REG_DWORD ValidityPeriodUnits
    is 1 )
    >> >> >
    >> >> >Again check the posted article again! Also check
    Paul's
    >> >> post!
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> ><anonymous@discussions.microsoft.com> wrote in
    message
    >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >> >> >> Years.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >Scott,
    >> >> >> >
    >> >> >> >What value do you have
    under "ValidityPeriodUnits"
    >> >> >> Registry Key?
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    >> wrote
    >> >> in
    >> >> >> message
    >> >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    >> >> >> >> Thanks for the article. I followed it and
    >> discovered
    >> >> >> >> that everything in my registry was already set
    >> >> >> correctly.
    >> >> >> >>
    >> >> >> >> My root certificate is correctly being issued
    >> with a
    >> >> 2
    >> >> >> >> year expiration date.
    >> >> >> >>
    >> >> >> >> My problem is that all the certificates that I
    >> issue
    >> >> to
    >> >> >> >> my VPN keys that are based on that root
    >> certificate
    >> >> >> have
    >> >> >> >> an expiration date of only 1 year. I don't
    >> >> understand
    >> >> >> >> why these would have a different expiration
    date.
    >> >> >> >>
    >> >> >> >> Any other thoughts? Thanks for all your help.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >Hi Scott,
    >> >> >> >> >
    >> >> >> >> >How To Change the Expiration Date of
    Certificates
    >> >> That
    >> >> >> >> Are Issued by a
    >> >> >> >> >Windows Server 2003 or a Windows 2000 Server
    >> >> >> Certificate
    >> >> >> >> Authority
    >> >> >> >> >http://support.microsoft.com/default.aspx?
    >> >> scid=kb;en-
    >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >
    >> >> >> >> >Feel free to post back if you have any
    questions
    >> >> >> >> regarding this.
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> >"Scott25"
    <anonymous@discussions.microsoft.com>
    >> >> wrote
    >> >> >> in
    >> >> >> >> message
    >> >> >> >> >news:01bf01c48f89$a7d80460
    $a401280a@phx.gbl...
    >> >> >> >> >> My main certificate was set to expire on
    >> September
    >> >> >> 10,
    >> >> >> >> >> 2004. I renewed the certificate with the
    same
    >> >> >> private
    >> >> >> >> >> key, and it is now set to expire on Sep 1,
    2006
    >> >> >> >> >> (basically 2 years from today) This
    seemed to
    >> >> work
    >> >> >> >> >> correctly. When I now issue a new
    certificate
    >> to
    >> >> a
    >> >> >> >> smart
    >> >> >> >> >> card for VPN purposes, it gives the
    >> certificate an
    >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    before
    >> the
    >> >> >> base
    >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >>
    >> >> >> >> >> I don't want to have to renew all the
    company's
    >> >> VPN
    >> >> >> >> keys
    >> >> >> >> >> in a year. How can I set the expiration
    date
    >> to
    >> >> the
    >> >> >> >> same
    >> >> >> >> >> as the root cert?
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  13. Archived from groups: microsoft.public.win2000.security (More info?)

    Which template do you use to issue certificate?

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    > Ok, I may not be able to get around it then. However, I
    > know 2 years ago when they set this up, they issued VPN
    > certificates that had a 2 year expiration period.
    > Everyone who set this up is gone though, and we are not
    > sure how they did this. Thanks for all your help though.
    >
    > >-----Original Message-----
    > >It looks as Paul suggested that this 1 year limit is set
    > in certificate
    > >template. This is not a problem if you have standalone
    > CA setup.
    > >
    > >Unfortunately on Windows 2000 you can't edit (customize)
    > templates. You can
    > >create customized templates on Windows 2003.
    > >
    > >Mike
    > >
    > ><anonymous@discussions.microsoft.com> wrote in message
    > >news:434b01c49030$f348c900$a301280a@phx.gbl...
    > >> It says Enterprise Root CA. It is the only CA on our
    > >> network.
    > >>
    > >> >-----Original Message-----
    > >> >How do you have this CA setup? Is this an Enterprise
    > Root
    > >> CA or Standalone
    > >> >Root CA?
    > >> >
    > >> >Mike
    > >> >
    > >> ><anonymous@discussions.microsoft.com> wrote in message
    > >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > >> >> I just doublechecked to make sure I was looking at
    > the
    > >> >> right values and those are the exact values I have.
    > >> Under
    > >> >>
    > >>
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > v
    > >> >> c\Configuration\"Certifcate Name"
    > >> >>
    > >> >> I have
    > >> >> Validity Period REG_SZ Years
    > >> >> Validity Period Units REG_DWORD 2
    > >> >>
    > >> >> Thanks for all your help, but I am still not sure
    > what I
    > >> >> am doing wrong.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >I think you are looking at wrong values:
    > >> >> >
    > >> >> >Under
    > >> >>
    > >>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    > S
    > >> >> vc\Configuration\<
    > >> >> >CAName>
    > >> >> >
    > >> >> >Set this values like this:
    > >> >> >
    > >> >> >REG_SZ ValidityPeriod Years
    > >> >> >REG_DWORD ValidityPeriodUnits 2
    > >> >> >
    > >> >> >(default value for REG_DWORD ValidityPeriodUnits
    > is 1 )
    > >> >> >
    > >> >> >Again check the posted article again! Also check
    > Paul's
    > >> >> post!
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> ><anonymous@discussions.microsoft.com> wrote in
    > message
    > >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > >> >> >> Years.
    > >> >> >>
    > >> >> >> >-----Original Message-----
    > >> >> >> >Scott,
    > >> >> >> >
    > >> >> >> >What value do you have
    > under "ValidityPeriodUnits"
    > >> >> >> Registry Key?
    > >> >> >> >
    > >> >> >> >Mike
    > >> >> >> >
    > >> >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    > >> wrote
    > >> >> in
    > >> >> >> message
    > >> >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > >> >> >> >> Thanks for the article. I followed it and
    > >> discovered
    > >> >> >> >> that everything in my registry was already set
    > >> >> >> correctly.
    > >> >> >> >>
    > >> >> >> >> My root certificate is correctly being issued
    > >> with a
    > >> >> 2
    > >> >> >> >> year expiration date.
    > >> >> >> >>
    > >> >> >> >> My problem is that all the certificates that I
    > >> issue
    > >> >> to
    > >> >> >> >> my VPN keys that are based on that root
    > >> certificate
    > >> >> >> have
    > >> >> >> >> an expiration date of only 1 year. I don't
    > >> >> understand
    > >> >> >> >> why these would have a different expiration
    > date.
    > >> >> >> >>
    > >> >> >> >> Any other thoughts? Thanks for all your help.
    > >> >> >> >>
    > >> >> >> >> >-----Original Message-----
    > >> >> >> >> >Hi Scott,
    > >> >> >> >> >
    > >> >> >> >> >How To Change the Expiration Date of
    > Certificates
    > >> >> That
    > >> >> >> >> Are Issued by a
    > >> >> >> >> >Windows Server 2003 or a Windows 2000 Server
    > >> >> >> Certificate
    > >> >> >> >> Authority
    > >> >> >> >> >http://support.microsoft.com/default.aspx?
    > >> >> scid=kb;en-
    > >> >> >> >> us;254632&Product=win2000
    > >> >> >> >> >
    > >> >> >> >> >Feel free to post back if you have any
    > questions
    > >> >> >> >> regarding this.
    > >> >> >> >> >
    > >> >> >> >> >Mike
    > >> >> >> >> >
    > >> >> >> >> >"Scott25"
    > <anonymous@discussions.microsoft.com>
    > >> >> wrote
    > >> >> >> in
    > >> >> >> >> message
    > >> >> >> >> >news:01bf01c48f89$a7d80460
    > $a401280a@phx.gbl...
    > >> >> >> >> >> My main certificate was set to expire on
    > >> September
    > >> >> >> 10,
    > >> >> >> >> >> 2004. I renewed the certificate with the
    > same
    > >> >> >> private
    > >> >> >> >> >> key, and it is now set to expire on Sep 1,
    > 2006
    > >> >> >> >> >> (basically 2 years from today) This
    > seemed to
    > >> >> work
    > >> >> >> >> >> correctly. When I now issue a new
    > certificate
    > >> to
    > >> >> a
    > >> >> >> >> smart
    > >> >> >> >> >> card for VPN purposes, it gives the
    > >> certificate an
    > >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    > before
    > >> the
    > >> >> >> base
    > >> >> >> >> >> certificate is set to expire).
    > >> >> >> >> >>
    > >> >> >> >> >> I don't want to have to renew all the
    > company's
    > >> >> VPN
    > >> >> >> >> keys
    > >> >> >> >> >> in a year. How can I set the expiration
    > date
    > >> to
    > >> >> the
    > >> >> >> >> same
    > >> >> >> >> >> as the root cert?
    > >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >.
    > >> >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >.
    > >> >> >> >
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  14. Archived from groups: microsoft.public.win2000.security (More info?)

    Not quite sure what you mean when you refer
    to "Template." I am issuing certificates by going through
    a web interface for microsoft certification services. All
    of the issued certificates show up under Certification
    Authority, Under the Company Name, and then Issued
    Certificates.

    >-----Original Message-----
    >Which template do you use to issue certificate?
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >> Ok, I may not be able to get around it then. However, I
    >> know 2 years ago when they set this up, they issued VPN
    >> certificates that had a 2 year expiration period.
    >> Everyone who set this up is gone though, and we are not
    >> sure how they did this. Thanks for all your help
    though.
    >>
    >> >-----Original Message-----
    >> >It looks as Paul suggested that this 1 year limit is
    set
    >> in certificate
    >> >template. This is not a problem if you have standalone
    >> CA setup.
    >> >
    >> >Unfortunately on Windows 2000 you can't edit
    (customize)
    >> templates. You can
    >> >create customized templates on Windows 2003.
    >> >
    >> >Mike
    >> >
    >> ><anonymous@discussions.microsoft.com> wrote in message
    >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> >> It says Enterprise Root CA. It is the only CA on our
    >> >> network.
    >> >>
    >> >> >-----Original Message-----
    >> >> >How do you have this CA setup? Is this an Enterprise
    >> Root
    >> >> CA or Standalone
    >> >> >Root CA?
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> ><anonymous@discussions.microsoft.com> wrote in
    message
    >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> >> >> I just doublechecked to make sure I was looking at
    >> the
    >> >> >> right values and those are the exact values I
    have.
    >> >> Under
    >> >> >>
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> v
    >> >> >> c\Configuration\"Certifcate Name"
    >> >> >>
    >> >> >> I have
    >> >> >> Validity Period REG_SZ Years
    >> >> >> Validity Period Units REG_DWORD 2
    >> >> >>
    >> >> >> Thanks for all your help, but I am still not sure
    >> what I
    >> >> >> am doing wrong.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >I think you are looking at wrong values:
    >> >> >> >
    >> >> >> >Under
    >> >> >>
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >> S
    >> >> >> vc\Configuration\<
    >> >> >> >CAName>
    >> >> >> >
    >> >> >> >Set this values like this:
    >> >> >> >
    >> >> >> >REG_SZ ValidityPeriod Years
    >> >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >> >
    >> >> >> >(default value for REG_DWORD ValidityPeriodUnits
    >> is 1 )
    >> >> >> >
    >> >> >> >Again check the posted article again! Also check
    >> Paul's
    >> >> >> post!
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >> >> >> >> Years.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >Scott,
    >> >> >> >> >
    >> >> >> >> >What value do you have
    >> under "ValidityPeriodUnits"
    >> >> >> >> Registry Key?
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> >"Scott25"
    <anonymous@discussions.microsoft.com>
    >> >> wrote
    >> >> >> in
    >> >> >> >> message
    >> >> >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    >> >> >> >> >> Thanks for the article. I followed it and
    >> >> discovered
    >> >> >> >> >> that everything in my registry was already
    set
    >> >> >> >> correctly.
    >> >> >> >> >>
    >> >> >> >> >> My root certificate is correctly being
    issued
    >> >> with a
    >> >> >> 2
    >> >> >> >> >> year expiration date.
    >> >> >> >> >>
    >> >> >> >> >> My problem is that all the certificates
    that I
    >> >> issue
    >> >> >> to
    >> >> >> >> >> my VPN keys that are based on that root
    >> >> certificate
    >> >> >> >> have
    >> >> >> >> >> an expiration date of only 1 year. I don't
    >> >> >> understand
    >> >> >> >> >> why these would have a different expiration
    >> date.
    >> >> >> >> >>
    >> >> >> >> >> Any other thoughts? Thanks for all your
    help.
    >> >> >> >> >>
    >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >Hi Scott,
    >> >> >> >> >> >
    >> >> >> >> >> >How To Change the Expiration Date of
    >> Certificates
    >> >> >> That
    >> >> >> >> >> Are Issued by a
    >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    Server
    >> >> >> >> Certificate
    >> >> >> >> >> Authority
    >> >> >> >> >> >http://support.microsoft.com/default.aspx?
    >> >> >> scid=kb;en-
    >> >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >> >
    >> >> >> >> >> >Feel free to post back if you have any
    >> questions
    >> >> >> >> >> regarding this.
    >> >> >> >> >> >
    >> >> >> >> >> >Mike
    >> >> >> >> >> >
    >> >> >> >> >> >"Scott25"
    >> <anonymous@discussions.microsoft.com>
    >> >> >> wrote
    >> >> >> >> in
    >> >> >> >> >> message
    >> >> >> >> >> >news:01bf01c48f89$a7d80460
    >> $a401280a@phx.gbl...
    >> >> >> >> >> >> My main certificate was set to expire on
    >> >> September
    >> >> >> >> 10,
    >> >> >> >> >> >> 2004. I renewed the certificate with the
    >> same
    >> >> >> >> private
    >> >> >> >> >> >> key, and it is now set to expire on Sep
    1,
    >> 2006
    >> >> >> >> >> >> (basically 2 years from today) This
    >> seemed to
    >> >> >> work
    >> >> >> >> >> >> correctly. When I now issue a new
    >> certificate
    >> >> to
    >> >> >> a
    >> >> >> >> >> smart
    >> >> >> >> >> >> card for VPN purposes, it gives the
    >> >> certificate an
    >> >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    >> before
    >> >> the
    >> >> >> >> base
    >> >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >> >>
    >> >> >> >> >> >> I don't want to have to renew all the
    >> company's
    >> >> >> VPN
    >> >> >> >> >> keys
    >> >> >> >> >> >> in a year. How can I set the expiration
    >> date
    >> >> to
    >> >> >> the
    >> >> >> >> >> same
    >> >> >> >> >> >> as the root cert?
    >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >.
    >> >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  15. Archived from groups: microsoft.public.win2000.security (More info?)

    Just found it, it is the CA template. Is that what you
    are looking for?

    >-----Original Message-----
    >Which template do you use to issue certificate?
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >> Ok, I may not be able to get around it then. However,
    I
    >> know 2 years ago when they set this up, they issued VPN
    >> certificates that had a 2 year expiration period.
    >> Everyone who set this up is gone though, and we are not
    >> sure how they did this. Thanks for all your help
    though.
    >>
    >> >-----Original Message-----
    >> >It looks as Paul suggested that this 1 year limit is
    set
    >> in certificate
    >> >template. This is not a problem if you have standalone
    >> CA setup.
    >> >
    >> >Unfortunately on Windows 2000 you can't edit
    (customize)
    >> templates. You can
    >> >create customized templates on Windows 2003.
    >> >
    >> >Mike
    >> >
    >> ><anonymous@discussions.microsoft.com> wrote in message
    >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> >> It says Enterprise Root CA. It is the only CA on
    our
    >> >> network.
    >> >>
    >> >> >-----Original Message-----
    >> >> >How do you have this CA setup? Is this an
    Enterprise
    >> Root
    >> >> CA or Standalone
    >> >> >Root CA?
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> ><anonymous@discussions.microsoft.com> wrote in
    message
    >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> >> >> I just doublechecked to make sure I was looking
    at
    >> the
    >> >> >> right values and those are the exact values I
    have.
    >> >> Under
    >> >> >>
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> v
    >> >> >> c\Configuration\"Certifcate Name"
    >> >> >>
    >> >> >> I have
    >> >> >> Validity Period REG_SZ Years
    >> >> >> Validity Period Units REG_DWORD 2
    >> >> >>
    >> >> >> Thanks for all your help, but I am still not sure
    >> what I
    >> >> >> am doing wrong.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >I think you are looking at wrong values:
    >> >> >> >
    >> >> >> >Under
    >> >> >>
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >> S
    >> >> >> vc\Configuration\<
    >> >> >> >CAName>
    >> >> >> >
    >> >> >> >Set this values like this:
    >> >> >> >
    >> >> >> >REG_SZ ValidityPeriod Years
    >> >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >> >
    >> >> >> >(default value for REG_DWORD ValidityPeriodUnits
    >> is 1 )
    >> >> >> >
    >> >> >> >Again check the posted article again! Also check
    >> Paul's
    >> >> >> post!
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >> >> >> >> Years.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >Scott,
    >> >> >> >> >
    >> >> >> >> >What value do you have
    >> under "ValidityPeriodUnits"
    >> >> >> >> Registry Key?
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> >"Scott25"
    <anonymous@discussions.microsoft.com>
    >> >> wrote
    >> >> >> in
    >> >> >> >> message
    >> >> >> >> >news:3aa601c48f92$bc102b70
    $a601280a@phx.gbl...
    >> >> >> >> >> Thanks for the article. I followed it and
    >> >> discovered
    >> >> >> >> >> that everything in my registry was already
    set
    >> >> >> >> correctly.
    >> >> >> >> >>
    >> >> >> >> >> My root certificate is correctly being
    issued
    >> >> with a
    >> >> >> 2
    >> >> >> >> >> year expiration date.
    >> >> >> >> >>
    >> >> >> >> >> My problem is that all the certificates
    that I
    >> >> issue
    >> >> >> to
    >> >> >> >> >> my VPN keys that are based on that root
    >> >> certificate
    >> >> >> >> have
    >> >> >> >> >> an expiration date of only 1 year. I don't
    >> >> >> understand
    >> >> >> >> >> why these would have a different expiration
    >> date.
    >> >> >> >> >>
    >> >> >> >> >> Any other thoughts? Thanks for all your
    help.
    >> >> >> >> >>
    >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >Hi Scott,
    >> >> >> >> >> >
    >> >> >> >> >> >How To Change the Expiration Date of
    >> Certificates
    >> >> >> That
    >> >> >> >> >> Are Issued by a
    >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    Server
    >> >> >> >> Certificate
    >> >> >> >> >> Authority
    >> >> >> >> >> >http://support.microsoft.com/default.aspx?
    >> >> >> scid=kb;en-
    >> >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >> >
    >> >> >> >> >> >Feel free to post back if you have any
    >> questions
    >> >> >> >> >> regarding this.
    >> >> >> >> >> >
    >> >> >> >> >> >Mike
    >> >> >> >> >> >
    >> >> >> >> >> >"Scott25"
    >> <anonymous@discussions.microsoft.com>
    >> >> >> wrote
    >> >> >> >> in
    >> >> >> >> >> message
    >> >> >> >> >> >news:01bf01c48f89$a7d80460
    >> $a401280a@phx.gbl...
    >> >> >> >> >> >> My main certificate was set to expire on
    >> >> September
    >> >> >> >> 10,
    >> >> >> >> >> >> 2004. I renewed the certificate with
    the
    >> same
    >> >> >> >> private
    >> >> >> >> >> >> key, and it is now set to expire on Sep
    1,
    >> 2006
    >> >> >> >> >> >> (basically 2 years from today) This
    >> seemed to
    >> >> >> work
    >> >> >> >> >> >> correctly. When I now issue a new
    >> certificate
    >> >> to
    >> >> >> a
    >> >> >> >> >> smart
    >> >> >> >> >> >> card for VPN purposes, it gives the
    >> >> certificate an
    >> >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    >> before
    >> >> the
    >> >> >> >> base
    >> >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >> >>
    >> >> >> >> >> >> I don't want to have to renew all the
    >> company's
    >> >> >> VPN
    >> >> >> >> >> keys
    >> >> >> >> >> >> in a year. How can I set the expiration
    >> date
    >> >> to
    >> >> >> the
    >> >> >> >> >> same
    >> >> >> >> >> >> as the root cert?
    >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >.
    >> >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  16. Archived from groups: microsoft.public.win2000.security (More info?)

    In the web interface you can select between different Certificate Templates
    (e.g. Users, Administrator, SmartCard User, IPSec, ...). Which one do you
    select when issuing your certificates?

    http://freeweb.siol.net/mpihler/templates.jpg

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:00a901c49045$2cda6570$a401280a@phx.gbl...
    > Not quite sure what you mean when you refer
    > to "Template." I am issuing certificates by going through
    > a web interface for microsoft certification services. All
    > of the issued certificates show up under Certification
    > Authority, Under the Company Name, and then Issued
    > Certificates.
    >
    > >-----Original Message-----
    > >Which template do you use to issue certificate?
    > >
    > >Mike
    > >
    > >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    > >> Ok, I may not be able to get around it then. However, I
    > >> know 2 years ago when they set this up, they issued VPN
    > >> certificates that had a 2 year expiration period.
    > >> Everyone who set this up is gone though, and we are not
    > >> sure how they did this. Thanks for all your help
    > though.
    > >>
    > >> >-----Original Message-----
    > >> >It looks as Paul suggested that this 1 year limit is
    > set
    > >> in certificate
    > >> >template. This is not a problem if you have standalone
    > >> CA setup.
    > >> >
    > >> >Unfortunately on Windows 2000 you can't edit
    > (customize)
    > >> templates. You can
    > >> >create customized templates on Windows 2003.
    > >> >
    > >> >Mike
    > >> >
    > >> ><anonymous@discussions.microsoft.com> wrote in message
    > >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    > >> >> It says Enterprise Root CA. It is the only CA on our
    > >> >> network.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >How do you have this CA setup? Is this an Enterprise
    > >> Root
    > >> >> CA or Standalone
    > >> >> >Root CA?
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> ><anonymous@discussions.microsoft.com> wrote in
    > message
    > >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > >> >> >> I just doublechecked to make sure I was looking at
    > >> the
    > >> >> >> right values and those are the exact values I
    > have.
    > >> >> Under
    > >> >> >>
    > >> >>
    > >>
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > >> v
    > >> >> >> c\Configuration\"Certifcate Name"
    > >> >> >>
    > >> >> >> I have
    > >> >> >> Validity Period REG_SZ Years
    > >> >> >> Validity Period Units REG_DWORD 2
    > >> >> >>
    > >> >> >> Thanks for all your help, but I am still not sure
    > >> what I
    > >> >> >> am doing wrong.
    > >> >> >>
    > >> >> >> >-----Original Message-----
    > >> >> >> >I think you are looking at wrong values:
    > >> >> >> >
    > >> >> >> >Under
    > >> >> >>
    > >> >>
    > >>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    > >> S
    > >> >> >> vc\Configuration\<
    > >> >> >> >CAName>
    > >> >> >> >
    > >> >> >> >Set this values like this:
    > >> >> >> >
    > >> >> >> >REG_SZ ValidityPeriod Years
    > >> >> >> >REG_DWORD ValidityPeriodUnits 2
    > >> >> >> >
    > >> >> >> >(default value for REG_DWORD ValidityPeriodUnits
    > >> is 1 )
    > >> >> >> >
    > >> >> >> >Again check the posted article again! Also check
    > >> Paul's
    > >> >> >> post!
    > >> >> >> >
    > >> >> >> >Mike
    > >> >> >> >
    > >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    > >> message
    > >> >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > >> >> >> >> Years.
    > >> >> >> >>
    > >> >> >> >> >-----Original Message-----
    > >> >> >> >> >Scott,
    > >> >> >> >> >
    > >> >> >> >> >What value do you have
    > >> under "ValidityPeriodUnits"
    > >> >> >> >> Registry Key?
    > >> >> >> >> >
    > >> >> >> >> >Mike
    > >> >> >> >> >
    > >> >> >> >> >"Scott25"
    > <anonymous@discussions.microsoft.com>
    > >> >> wrote
    > >> >> >> in
    > >> >> >> >> message
    > >> >> >> >> >news:3aa601c48f92$bc102b70$a601280a@phx.gbl...
    > >> >> >> >> >> Thanks for the article. I followed it and
    > >> >> discovered
    > >> >> >> >> >> that everything in my registry was already
    > set
    > >> >> >> >> correctly.
    > >> >> >> >> >>
    > >> >> >> >> >> My root certificate is correctly being
    > issued
    > >> >> with a
    > >> >> >> 2
    > >> >> >> >> >> year expiration date.
    > >> >> >> >> >>
    > >> >> >> >> >> My problem is that all the certificates
    > that I
    > >> >> issue
    > >> >> >> to
    > >> >> >> >> >> my VPN keys that are based on that root
    > >> >> certificate
    > >> >> >> >> have
    > >> >> >> >> >> an expiration date of only 1 year. I don't
    > >> >> >> understand
    > >> >> >> >> >> why these would have a different expiration
    > >> date.
    > >> >> >> >> >>
    > >> >> >> >> >> Any other thoughts? Thanks for all your
    > help.
    > >> >> >> >> >>
    > >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >Hi Scott,
    > >> >> >> >> >> >
    > >> >> >> >> >> >How To Change the Expiration Date of
    > >> Certificates
    > >> >> >> That
    > >> >> >> >> >> Are Issued by a
    > >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    > Server
    > >> >> >> >> Certificate
    > >> >> >> >> >> Authority
    > >> >> >> >> >> >http://support.microsoft.com/default.aspx?
    > >> >> >> scid=kb;en-
    > >> >> >> >> >> us;254632&Product=win2000
    > >> >> >> >> >> >
    > >> >> >> >> >> >Feel free to post back if you have any
    > >> questions
    > >> >> >> >> >> regarding this.
    > >> >> >> >> >> >
    > >> >> >> >> >> >Mike
    > >> >> >> >> >> >
    > >> >> >> >> >> >"Scott25"
    > >> <anonymous@discussions.microsoft.com>
    > >> >> >> wrote
    > >> >> >> >> in
    > >> >> >> >> >> message
    > >> >> >> >> >> >news:01bf01c48f89$a7d80460
    > >> $a401280a@phx.gbl...
    > >> >> >> >> >> >> My main certificate was set to expire on
    > >> >> September
    > >> >> >> >> 10,
    > >> >> >> >> >> >> 2004. I renewed the certificate with the
    > >> same
    > >> >> >> >> private
    > >> >> >> >> >> >> key, and it is now set to expire on Sep
    > 1,
    > >> 2006
    > >> >> >> >> >> >> (basically 2 years from today) This
    > >> seemed to
    > >> >> >> work
    > >> >> >> >> >> >> correctly. When I now issue a new
    > >> certificate
    > >> >> to
    > >> >> >> a
    > >> >> >> >> >> smart
    > >> >> >> >> >> >> card for VPN purposes, it gives the
    > >> >> certificate an
    > >> >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    > >> before
    > >> >> the
    > >> >> >> >> base
    > >> >> >> >> >> >> certificate is set to expire).
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> I don't want to have to renew all the
    > >> company's
    > >> >> >> VPN
    > >> >> >> >> >> keys
    > >> >> >> >> >> >> in a year. How can I set the expiration
    > >> date
    > >> >> to
    > >> >> >> the
    > >> >> >> >> >> same
    > >> >> >> >> >> >> as the root cert?
    > >> >> >> >> >> >
    > >> >> >> >> >> >
    > >> >> >> >> >> >.
    > >> >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >.
    > >> >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >.
    > >> >> >> >
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  17. Archived from groups: microsoft.public.win2000.security (More info?)

    Smartcard Logon.

    >-----Original Message-----
    >In the web interface you can select between different
    Certificate Templates
    >(e.g. Users, Administrator, SmartCard User, IPSec, ...).
    Which one do you
    >select when issuing your certificates?
    >
    >http://freeweb.siol.net/mpihler/templates.jpg
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:00a901c49045$2cda6570$a401280a@phx.gbl...
    >> Not quite sure what you mean when you refer
    >> to "Template." I am issuing certificates by going
    through
    >> a web interface for microsoft certification services.
    All
    >> of the issued certificates show up under Certification
    >> Authority, Under the Company Name, and then Issued
    >> Certificates.
    >>
    >> >-----Original Message-----
    >> >Which template do you use to issue certificate?
    >> >
    >> >Mike
    >> >
    >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    in
    >> message
    >> >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >> >> Ok, I may not be able to get around it then.
    However, I
    >> >> know 2 years ago when they set this up, they issued
    VPN
    >> >> certificates that had a 2 year expiration period.
    >> >> Everyone who set this up is gone though, and we are
    not
    >> >> sure how they did this. Thanks for all your help
    >> though.
    >> >>
    >> >> >-----Original Message-----
    >> >> >It looks as Paul suggested that this 1 year limit
    is
    >> set
    >> >> in certificate
    >> >> >template. This is not a problem if you have
    standalone
    >> >> CA setup.
    >> >> >
    >> >> >Unfortunately on Windows 2000 you can't edit
    >> (customize)
    >> >> templates. You can
    >> >> >create customized templates on Windows 2003.
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> ><anonymous@discussions.microsoft.com> wrote in
    message
    >> >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> >> >> It says Enterprise Root CA. It is the only CA
    on our
    >> >> >> network.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >How do you have this CA setup? Is this an
    Enterprise
    >> >> Root
    >> >> >> CA or Standalone
    >> >> >> >Root CA?
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> >> >> >> I just doublechecked to make sure I was
    looking at
    >> >> the
    >> >> >> >> right values and those are the exact values I
    >> have.
    >> >> >> Under
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> >> v
    >> >> >> >> c\Configuration\"Certifcate Name"
    >> >> >> >>
    >> >> >> >> I have
    >> >> >> >> Validity Period REG_SZ Years
    >> >> >> >> Validity Period Units REG_DWORD 2
    >> >> >> >>
    >> >> >> >> Thanks for all your help, but I am still not
    sure
    >> >> what I
    >> >> >> >> am doing wrong.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >I think you are looking at wrong values:
    >> >> >> >> >
    >> >> >> >> >Under
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >> >> S
    >> >> >> >> vc\Configuration\<
    >> >> >> >> >CAName>
    >> >> >> >> >
    >> >> >> >> >Set this values like this:
    >> >> >> >> >
    >> >> >> >> >REG_SZ ValidityPeriod Years
    >> >> >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >> >> >
    >> >> >> >> >(default value for REG_DWORD
    ValidityPeriodUnits
    >> >> is 1 )
    >> >> >> >> >
    >> >> >> >> >Again check the posted article again! Also
    check
    >> >> Paul's
    >> >> >> >> post!
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> ><anonymous@discussions.microsoft.com> wrote
    in
    >> >> message
    >> >> >> >> >news:425001c49027$d198c1b0
    $a301280a@phx.gbl...
    >> >> >> >> >> Years.
    >> >> >> >> >>
    >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >Scott,
    >> >> >> >> >> >
    >> >> >> >> >> >What value do you have
    >> >> under "ValidityPeriodUnits"
    >> >> >> >> >> Registry Key?
    >> >> >> >> >> >
    >> >> >> >> >> >Mike
    >> >> >> >> >> >
    >> >> >> >> >> >"Scott25"
    >> <anonymous@discussions.microsoft.com>
    >> >> >> wrote
    >> >> >> >> in
    >> >> >> >> >> message
    >> >> >> >> >> >news:3aa601c48f92$bc102b70
    $a601280a@phx.gbl...
    >> >> >> >> >> >> Thanks for the article. I followed it
    and
    >> >> >> discovered
    >> >> >> >> >> >> that everything in my registry was
    already
    >> set
    >> >> >> >> >> correctly.
    >> >> >> >> >> >>
    >> >> >> >> >> >> My root certificate is correctly being
    >> issued
    >> >> >> with a
    >> >> >> >> 2
    >> >> >> >> >> >> year expiration date.
    >> >> >> >> >> >>
    >> >> >> >> >> >> My problem is that all the certificates
    >> that I
    >> >> >> issue
    >> >> >> >> to
    >> >> >> >> >> >> my VPN keys that are based on that root
    >> >> >> certificate
    >> >> >> >> >> have
    >> >> >> >> >> >> an expiration date of only 1 year. I
    don't
    >> >> >> >> understand
    >> >> >> >> >> >> why these would have a different
    expiration
    >> >> date.
    >> >> >> >> >> >>
    >> >> >> >> >> >> Any other thoughts? Thanks for all your
    >> help.
    >> >> >> >> >> >>
    >> >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >> >Hi Scott,
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >How To Change the Expiration Date of
    >> >> Certificates
    >> >> >> >> That
    >> >> >> >> >> >> Are Issued by a
    >> >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    >> Server
    >> >> >> >> >> Certificate
    >> >> >> >> >> >> Authority
    >> >> >> >> >> >>
    >http://support.microsoft.com/default.aspx?
    >> >> >> >> scid=kb;en-
    >> >> >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >Feel free to post back if you have any
    >> >> questions
    >> >> >> >> >> >> regarding this.
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >Mike
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >"Scott25"
    >> >> <anonymous@discussions.microsoft.com>
    >> >> >> >> wrote
    >> >> >> >> >> in
    >> >> >> >> >> >> message
    >> >> >> >> >> >> >news:01bf01c48f89$a7d80460
    >> >> $a401280a@phx.gbl...
    >> >> >> >> >> >> >> My main certificate was set to
    expire on
    >> >> >> September
    >> >> >> >> >> 10,
    >> >> >> >> >> >> >> 2004. I renewed the certificate
    with the
    >> >> same
    >> >> >> >> >> private
    >> >> >> >> >> >> >> key, and it is now set to expire on
    Sep
    >> 1,
    >> >> 2006
    >> >> >> >> >> >> >> (basically 2 years from today) This
    >> >> seemed to
    >> >> >> >> work
    >> >> >> >> >> >> >> correctly. When I now issue a new
    >> >> certificate
    >> >> >> to
    >> >> >> >> a
    >> >> >> >> >> >> smart
    >> >> >> >> >> >> >> card for VPN purposes, it gives the
    >> >> >> certificate an
    >> >> >> >> >> >> >> expiration date of Sep 1, 2005 (A
    year
    >> >> before
    >> >> >> the
    >> >> >> >> >> base
    >> >> >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> I don't want to have to renew all the
    >> >> company's
    >> >> >> >> VPN
    >> >> >> >> >> >> keys
    >> >> >> >> >> >> >> in a year. How can I set the
    expiration
    >> >> date
    >> >> >> to
    >> >> >> >> the
    >> >> >> >> >> >> same
    >> >> >> >> >> >> >> as the root cert?
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >.
    >> >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >.
    >> >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  18. Archived from groups: microsoft.public.win2000.security (More info?)

    SmartCard Logon

    Sorry, I keep forgetting to put in my name and it shows
    up as anonymous. Thanks for all your help so far.


    >-----Original Message-----
    >In the web interface you can select between different
    Certificate Templates
    >(e.g. Users, Administrator, SmartCard User, IPSec, ...).
    Which one do you
    >select when issuing your certificates?
    >
    >http://freeweb.siol.net/mpihler/templates.jpg
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:00a901c49045$2cda6570$a401280a@phx.gbl...
    >> Not quite sure what you mean when you refer
    >> to "Template." I am issuing certificates by going
    through
    >> a web interface for microsoft certification services.
    All
    >> of the issued certificates show up under Certification
    >> Authority, Under the Company Name, and then Issued
    >> Certificates.
    >>
    >> >-----Original Message-----
    >> >Which template do you use to issue certificate?
    >> >
    >> >Mike
    >> >
    >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    in
    >> message
    >> >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >> >> Ok, I may not be able to get around it then.
    However, I
    >> >> know 2 years ago when they set this up, they issued
    VPN
    >> >> certificates that had a 2 year expiration period.
    >> >> Everyone who set this up is gone though, and we are
    not
    >> >> sure how they did this. Thanks for all your help
    >> though.
    >> >>
    >> >> >-----Original Message-----
    >> >> >It looks as Paul suggested that this 1 year limit
    is
    >> set
    >> >> in certificate
    >> >> >template. This is not a problem if you have
    standalone
    >> >> CA setup.
    >> >> >
    >> >> >Unfortunately on Windows 2000 you can't edit
    >> (customize)
    >> >> templates. You can
    >> >> >create customized templates on Windows 2003.
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> ><anonymous@discussions.microsoft.com> wrote in
    message
    >> >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> >> >> It says Enterprise Root CA. It is the only CA
    on our
    >> >> >> network.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >How do you have this CA setup? Is this an
    Enterprise
    >> >> Root
    >> >> >> CA or Standalone
    >> >> >> >Root CA?
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >> >> >> >> I just doublechecked to make sure I was
    looking at
    >> >> the
    >> >> >> >> right values and those are the exact values I
    >> have.
    >> >> >> Under
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> >> v
    >> >> >> >> c\Configuration\"Certifcate Name"
    >> >> >> >>
    >> >> >> >> I have
    >> >> >> >> Validity Period REG_SZ Years
    >> >> >> >> Validity Period Units REG_DWORD 2
    >> >> >> >>
    >> >> >> >> Thanks for all your help, but I am still not
    sure
    >> >> what I
    >> >> >> >> am doing wrong.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >I think you are looking at wrong values:
    >> >> >> >> >
    >> >> >> >> >Under
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >> >> S
    >> >> >> >> vc\Configuration\<
    >> >> >> >> >CAName>
    >> >> >> >> >
    >> >> >> >> >Set this values like this:
    >> >> >> >> >
    >> >> >> >> >REG_SZ ValidityPeriod Years
    >> >> >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >> >> >
    >> >> >> >> >(default value for REG_DWORD
    ValidityPeriodUnits
    >> >> is 1 )
    >> >> >> >> >
    >> >> >> >> >Again check the posted article again! Also
    check
    >> >> Paul's
    >> >> >> >> post!
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> ><anonymous@discussions.microsoft.com> wrote
    in
    >> >> message
    >> >> >> >> >news:425001c49027$d198c1b0
    $a301280a@phx.gbl...
    >> >> >> >> >> Years.
    >> >> >> >> >>
    >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >Scott,
    >> >> >> >> >> >
    >> >> >> >> >> >What value do you have
    >> >> under "ValidityPeriodUnits"
    >> >> >> >> >> Registry Key?
    >> >> >> >> >> >
    >> >> >> >> >> >Mike
    >> >> >> >> >> >
    >> >> >> >> >> >"Scott25"
    >> <anonymous@discussions.microsoft.com>
    >> >> >> wrote
    >> >> >> >> in
    >> >> >> >> >> message
    >> >> >> >> >> >news:3aa601c48f92$bc102b70
    $a601280a@phx.gbl...
    >> >> >> >> >> >> Thanks for the article. I followed it
    and
    >> >> >> discovered
    >> >> >> >> >> >> that everything in my registry was
    already
    >> set
    >> >> >> >> >> correctly.
    >> >> >> >> >> >>
    >> >> >> >> >> >> My root certificate is correctly being
    >> issued
    >> >> >> with a
    >> >> >> >> 2
    >> >> >> >> >> >> year expiration date.
    >> >> >> >> >> >>
    >> >> >> >> >> >> My problem is that all the certificates
    >> that I
    >> >> >> issue
    >> >> >> >> to
    >> >> >> >> >> >> my VPN keys that are based on that root
    >> >> >> certificate
    >> >> >> >> >> have
    >> >> >> >> >> >> an expiration date of only 1 year. I
    don't
    >> >> >> >> understand
    >> >> >> >> >> >> why these would have a different
    expiration
    >> >> date.
    >> >> >> >> >> >>
    >> >> >> >> >> >> Any other thoughts? Thanks for all your
    >> help.
    >> >> >> >> >> >>
    >> >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >> >Hi Scott,
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >How To Change the Expiration Date of
    >> >> Certificates
    >> >> >> >> That
    >> >> >> >> >> >> Are Issued by a
    >> >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    >> Server
    >> >> >> >> >> Certificate
    >> >> >> >> >> >> Authority
    >> >> >> >> >> >>
    >http://support.microsoft.com/default.aspx?
    >> >> >> >> scid=kb;en-
    >> >> >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >Feel free to post back if you have any
    >> >> questions
    >> >> >> >> >> >> regarding this.
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >Mike
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >"Scott25"
    >> >> <anonymous@discussions.microsoft.com>
    >> >> >> >> wrote
    >> >> >> >> >> in
    >> >> >> >> >> >> message
    >> >> >> >> >> >> >news:01bf01c48f89$a7d80460
    >> >> $a401280a@phx.gbl...
    >> >> >> >> >> >> >> My main certificate was set to
    expire on
    >> >> >> September
    >> >> >> >> >> 10,
    >> >> >> >> >> >> >> 2004. I renewed the certificate
    with the
    >> >> same
    >> >> >> >> >> private
    >> >> >> >> >> >> >> key, and it is now set to expire on
    Sep
    >> 1,
    >> >> 2006
    >> >> >> >> >> >> >> (basically 2 years from today) This
    >> >> seemed to
    >> >> >> >> work
    >> >> >> >> >> >> >> correctly. When I now issue a new
    >> >> certificate
    >> >> >> to
    >> >> >> >> a
    >> >> >> >> >> >> smart
    >> >> >> >> >> >> >> card for VPN purposes, it gives the
    >> >> >> certificate an
    >> >> >> >> >> >> >> expiration date of Sep 1, 2005 (A
    year
    >> >> before
    >> >> >> the
    >> >> >> >> >> base
    >> >> >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> I don't want to have to renew all the
    >> >> company's
    >> >> >> >> VPN
    >> >> >> >> >> >> keys
    >> >> >> >> >> >> >> in a year. How can I set the
    expiration
    >> >> date
    >> >> >> to
    >> >> >> >> the
    >> >> >> >> >> >> same
    >> >> >> >> >> >> >> as the root cert?
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >.
    >> >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >.
    >> >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  19. Archived from groups: microsoft.public.win2000.security (More info?)

    Do you actually use Smart Cards to logon to domain -- or just to store
    certificates for VPN? What CSP do you use (CSP = Cryptographic Service
    Provider).

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:459e01c49050$36eaafb0$a301280a@phx.gbl...
    > SmartCard Logon
    >
    > Sorry, I keep forgetting to put in my name and it shows
    > up as anonymous. Thanks for all your help so far.
    >
    >
    > >-----Original Message-----
    > >In the web interface you can select between different
    > Certificate Templates
    > >(e.g. Users, Administrator, SmartCard User, IPSec, ...).
    > Which one do you
    > >select when issuing your certificates?
    > >
    > >http://freeweb.siol.net/mpihler/templates.jpg
    > >
    > >Mike
    > >
    > >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:00a901c49045$2cda6570$a401280a@phx.gbl...
    > >> Not quite sure what you mean when you refer
    > >> to "Template." I am issuing certificates by going
    > through
    > >> a web interface for microsoft certification services.
    > All
    > >> of the issued certificates show up under Certification
    > >> Authority, Under the Company Name, and then Issued
    > >> Certificates.
    > >>
    > >> >-----Original Message-----
    > >> >Which template do you use to issue certificate?
    > >> >
    > >> >Mike
    > >> >
    > >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    > in
    > >> message
    > >> >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    > >> >> Ok, I may not be able to get around it then.
    > However, I
    > >> >> know 2 years ago when they set this up, they issued
    > VPN
    > >> >> certificates that had a 2 year expiration period.
    > >> >> Everyone who set this up is gone though, and we are
    > not
    > >> >> sure how they did this. Thanks for all your help
    > >> though.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >It looks as Paul suggested that this 1 year limit
    > is
    > >> set
    > >> >> in certificate
    > >> >> >template. This is not a problem if you have
    > standalone
    > >> >> CA setup.
    > >> >> >
    > >> >> >Unfortunately on Windows 2000 you can't edit
    > >> (customize)
    > >> >> templates. You can
    > >> >> >create customized templates on Windows 2003.
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> ><anonymous@discussions.microsoft.com> wrote in
    > message
    > >> >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    > >> >> >> It says Enterprise Root CA. It is the only CA
    > on our
    > >> >> >> network.
    > >> >> >>
    > >> >> >> >-----Original Message-----
    > >> >> >> >How do you have this CA setup? Is this an
    > Enterprise
    > >> >> Root
    > >> >> >> CA or Standalone
    > >> >> >> >Root CA?
    > >> >> >> >
    > >> >> >> >Mike
    > >> >> >> >
    > >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    > >> message
    > >> >> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > >> >> >> >> I just doublechecked to make sure I was
    > looking at
    > >> >> the
    > >> >> >> >> right values and those are the exact values I
    > >> have.
    > >> >> >> Under
    > >> >> >> >>
    > >> >> >>
    > >> >>
    > >>
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > >> >> v
    > >> >> >> >> c\Configuration\"Certifcate Name"
    > >> >> >> >>
    > >> >> >> >> I have
    > >> >> >> >> Validity Period REG_SZ Years
    > >> >> >> >> Validity Period Units REG_DWORD 2
    > >> >> >> >>
    > >> >> >> >> Thanks for all your help, but I am still not
    > sure
    > >> >> what I
    > >> >> >> >> am doing wrong.
    > >> >> >> >>
    > >> >> >> >> >-----Original Message-----
    > >> >> >> >> >I think you are looking at wrong values:
    > >> >> >> >> >
    > >> >> >> >> >Under
    > >> >> >> >>
    > >> >> >>
    > >> >>
    > >>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    > >> >> S
    > >> >> >> >> vc\Configuration\<
    > >> >> >> >> >CAName>
    > >> >> >> >> >
    > >> >> >> >> >Set this values like this:
    > >> >> >> >> >
    > >> >> >> >> >REG_SZ ValidityPeriod Years
    > >> >> >> >> >REG_DWORD ValidityPeriodUnits 2
    > >> >> >> >> >
    > >> >> >> >> >(default value for REG_DWORD
    > ValidityPeriodUnits
    > >> >> is 1 )
    > >> >> >> >> >
    > >> >> >> >> >Again check the posted article again! Also
    > check
    > >> >> Paul's
    > >> >> >> >> post!
    > >> >> >> >> >
    > >> >> >> >> >Mike
    > >> >> >> >> >
    > >> >> >> >> ><anonymous@discussions.microsoft.com> wrote
    > in
    > >> >> message
    > >> >> >> >> >news:425001c49027$d198c1b0
    > $a301280a@phx.gbl...
    > >> >> >> >> >> Years.
    > >> >> >> >> >>
    > >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >Scott,
    > >> >> >> >> >> >
    > >> >> >> >> >> >What value do you have
    > >> >> under "ValidityPeriodUnits"
    > >> >> >> >> >> Registry Key?
    > >> >> >> >> >> >
    > >> >> >> >> >> >Mike
    > >> >> >> >> >> >
    > >> >> >> >> >> >"Scott25"
    > >> <anonymous@discussions.microsoft.com>
    > >> >> >> wrote
    > >> >> >> >> in
    > >> >> >> >> >> message
    > >> >> >> >> >> >news:3aa601c48f92$bc102b70
    > $a601280a@phx.gbl...
    > >> >> >> >> >> >> Thanks for the article. I followed it
    > and
    > >> >> >> discovered
    > >> >> >> >> >> >> that everything in my registry was
    > already
    > >> set
    > >> >> >> >> >> correctly.
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> My root certificate is correctly being
    > >> issued
    > >> >> >> with a
    > >> >> >> >> 2
    > >> >> >> >> >> >> year expiration date.
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> My problem is that all the certificates
    > >> that I
    > >> >> >> issue
    > >> >> >> >> to
    > >> >> >> >> >> >> my VPN keys that are based on that root
    > >> >> >> certificate
    > >> >> >> >> >> have
    > >> >> >> >> >> >> an expiration date of only 1 year. I
    > don't
    > >> >> >> >> understand
    > >> >> >> >> >> >> why these would have a different
    > expiration
    > >> >> date.
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> Any other thoughts? Thanks for all your
    > >> help.
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >> >Hi Scott,
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >How To Change the Expiration Date of
    > >> >> Certificates
    > >> >> >> >> That
    > >> >> >> >> >> >> Are Issued by a
    > >> >> >> >> >> >> >Windows Server 2003 or a Windows 2000
    > >> Server
    > >> >> >> >> >> Certificate
    > >> >> >> >> >> >> Authority
    > >> >> >> >> >> >>
    > >http://support.microsoft.com/default.aspx?
    > >> >> >> >> scid=kb;en-
    > >> >> >> >> >> >> us;254632&Product=win2000
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >Feel free to post back if you have any
    > >> >> questions
    > >> >> >> >> >> >> regarding this.
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >Mike
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >"Scott25"
    > >> >> <anonymous@discussions.microsoft.com>
    > >> >> >> >> wrote
    > >> >> >> >> >> in
    > >> >> >> >> >> >> message
    > >> >> >> >> >> >> >news:01bf01c48f89$a7d80460
    > >> >> $a401280a@phx.gbl...
    > >> >> >> >> >> >> >> My main certificate was set to
    > expire on
    > >> >> >> September
    > >> >> >> >> >> 10,
    > >> >> >> >> >> >> >> 2004. I renewed the certificate
    > with the
    > >> >> same
    > >> >> >> >> >> private
    > >> >> >> >> >> >> >> key, and it is now set to expire on
    > Sep
    > >> 1,
    > >> >> 2006
    > >> >> >> >> >> >> >> (basically 2 years from today) This
    > >> >> seemed to
    > >> >> >> >> work
    > >> >> >> >> >> >> >> correctly. When I now issue a new
    > >> >> certificate
    > >> >> >> to
    > >> >> >> >> a
    > >> >> >> >> >> >> smart
    > >> >> >> >> >> >> >> card for VPN purposes, it gives the
    > >> >> >> certificate an
    > >> >> >> >> >> >> >> expiration date of Sep 1, 2005 (A
    > year
    > >> >> before
    > >> >> >> the
    > >> >> >> >> >> base
    > >> >> >> >> >> >> >> certificate is set to expire).
    > >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> I don't want to have to renew all the
    > >> >> company's
    > >> >> >> >> VPN
    > >> >> >> >> >> >> keys
    > >> >> >> >> >> >> >> in a year. How can I set the
    > expiration
    > >> >> date
    > >> >> >> to
    > >> >> >> >> the
    > >> >> >> >> >> >> same
    > >> >> >> >> >> >> >> as the root cert?
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >.
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >
    > >> >> >> >> >> >
    > >> >> >> >> >> >.
    > >> >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >.
    > >> >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >.
    > >> >> >> >
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  20. Archived from groups: microsoft.public.win2000.security (More info?)

    CSP: eToken base Cryptographic Provider

    The smart cards do hold the certificates, but I am not
    quite sure from a technical perspective how VPN works.
    We set up a VPN connection that uses the smart cards
    which hold the certificate. The root certificate also
    has to be loaded on to the computer that is VPN'd in.
    The VPN is based on the smart cards though.

    >-----Original Message-----
    >Do you actually use Smart Cards to logon to domain -- or
    just to store
    >certificates for VPN? What CSP do you use (CSP =
    Cryptographic Service
    >Provider).
    >
    >Mike
    >
    >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:459e01c49050$36eaafb0$a301280a@phx.gbl...
    >> SmartCard Logon
    >>
    >> Sorry, I keep forgetting to put in my name and it shows
    >> up as anonymous. Thanks for all your help so far.
    >>
    >>
    >> >-----Original Message-----
    >> >In the web interface you can select between different
    >> Certificate Templates
    >> >(e.g. Users, Administrator, SmartCard User,
    IPSec, ...).
    >> Which one do you
    >> >select when issuing your certificates?
    >> >
    >> >http://freeweb.siol.net/mpihler/templates.jpg
    >> >
    >> >Mike
    >> >
    >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    in
    >> message
    >> >news:00a901c49045$2cda6570$a401280a@phx.gbl...
    >> >> Not quite sure what you mean when you refer
    >> >> to "Template." I am issuing certificates by going
    >> through
    >> >> a web interface for microsoft certification
    services.
    >> All
    >> >> of the issued certificates show up under
    Certification
    >> >> Authority, Under the Company Name, and then Issued
    >> >> Certificates.
    >> >>
    >> >> >-----Original Message-----
    >> >> >Which template do you use to issue certificate?
    >> >> >
    >> >> >Mike
    >> >> >
    >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    wrote
    >> in
    >> >> message
    >> >> >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >> >> >> Ok, I may not be able to get around it then.
    >> However, I
    >> >> >> know 2 years ago when they set this up, they
    issued
    >> VPN
    >> >> >> certificates that had a 2 year expiration period.
    >> >> >> Everyone who set this up is gone though, and we
    are
    >> not
    >> >> >> sure how they did this. Thanks for all your help
    >> >> though.
    >> >> >>
    >> >> >> >-----Original Message-----
    >> >> >> >It looks as Paul suggested that this 1 year
    limit
    >> is
    >> >> set
    >> >> >> in certificate
    >> >> >> >template. This is not a problem if you have
    >> standalone
    >> >> >> CA setup.
    >> >> >> >
    >> >> >> >Unfortunately on Windows 2000 you can't edit
    >> >> (customize)
    >> >> >> templates. You can
    >> >> >> >create customized templates on Windows 2003.
    >> >> >> >
    >> >> >> >Mike
    >> >> >> >
    >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >> >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >> >> >> >> It says Enterprise Root CA. It is the only CA
    >> on our
    >> >> >> >> network.
    >> >> >> >>
    >> >> >> >> >-----Original Message-----
    >> >> >> >> >How do you have this CA setup? Is this an
    >> Enterprise
    >> >> >> Root
    >> >> >> >> CA or Standalone
    >> >> >> >> >Root CA?
    >> >> >> >> >
    >> >> >> >> >Mike
    >> >> >> >> >
    >> >> >> >> ><anonymous@discussions.microsoft.com> wrote
    in
    >> >> message
    >> >> >> >> >news:097801c4902d$b98389b0
    $a401280a@phx.gbl...
    >> >> >> >> >> I just doublechecked to make sure I was
    >> looking at
    >> >> >> the
    >> >> >> >> >> right values and those are the exact
    values I
    >> >> have.
    >> >> >> >> Under
    >> >> >> >> >>
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >> >> >> v
    >> >> >> >> >> c\Configuration\"Certifcate Name"
    >> >> >> >> >>
    >> >> >> >> >> I have
    >> >> >> >> >> Validity Period REG_SZ Years
    >> >> >> >> >> Validity Period Units REG_DWORD 2
    >> >> >> >> >>
    >> >> >> >> >> Thanks for all your help, but I am still
    not
    >> sure
    >> >> >> what I
    >> >> >> >> >> am doing wrong.
    >> >> >> >> >>
    >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >I think you are looking at wrong values:
    >> >> >> >> >> >
    >> >> >> >> >> >Under
    >> >> >> >> >>
    >> >> >> >>
    >> >> >>
    >> >>
    >>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >> >> >> S
    >> >> >> >> >> vc\Configuration\<
    >> >> >> >> >> >CAName>
    >> >> >> >> >> >
    >> >> >> >> >> >Set this values like this:
    >> >> >> >> >> >
    >> >> >> >> >> >REG_SZ ValidityPeriod
    Years
    >> >> >> >> >> >REG_DWORD ValidityPeriodUnits 2
    >> >> >> >> >> >
    >> >> >> >> >> >(default value for REG_DWORD
    >> ValidityPeriodUnits
    >> >> >> is 1 )
    >> >> >> >> >> >
    >> >> >> >> >> >Again check the posted article again! Also
    >> check
    >> >> >> Paul's
    >> >> >> >> >> post!
    >> >> >> >> >> >
    >> >> >> >> >> >Mike
    >> >> >> >> >> >
    >> >> >> >> >> ><anonymous@discussions.microsoft.com>
    wrote
    >> in
    >> >> >> message
    >> >> >> >> >> >news:425001c49027$d198c1b0
    >> $a301280a@phx.gbl...
    >> >> >> >> >> >> Years.
    >> >> >> >> >> >>
    >> >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >> >Scott,
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >What value do you have
    >> >> >> under "ValidityPeriodUnits"
    >> >> >> >> >> >> Registry Key?
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >Mike
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >"Scott25"
    >> >> <anonymous@discussions.microsoft.com>
    >> >> >> >> wrote
    >> >> >> >> >> in
    >> >> >> >> >> >> message
    >> >> >> >> >> >> >news:3aa601c48f92$bc102b70
    >> $a601280a@phx.gbl...
    >> >> >> >> >> >> >> Thanks for the article. I followed
    it
    >> and
    >> >> >> >> discovered
    >> >> >> >> >> >> >> that everything in my registry was
    >> already
    >> >> set
    >> >> >> >> >> >> correctly.
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> My root certificate is correctly
    being
    >> >> issued
    >> >> >> >> with a
    >> >> >> >> >> 2
    >> >> >> >> >> >> >> year expiration date.
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> My problem is that all the
    certificates
    >> >> that I
    >> >> >> >> issue
    >> >> >> >> >> to
    >> >> >> >> >> >> >> my VPN keys that are based on that
    root
    >> >> >> >> certificate
    >> >> >> >> >> >> have
    >> >> >> >> >> >> >> an expiration date of only 1 year. I
    >> don't
    >> >> >> >> >> understand
    >> >> >> >> >> >> >> why these would have a different
    >> expiration
    >> >> >> date.
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> Any other thoughts? Thanks for all
    your
    >> >> help.
    >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> >-----Original Message-----
    >> >> >> >> >> >> >> >Hi Scott,
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >How To Change the Expiration Date of
    >> >> >> Certificates
    >> >> >> >> >> That
    >> >> >> >> >> >> >> Are Issued by a
    >> >> >> >> >> >> >> >Windows Server 2003 or a Windows
    2000
    >> >> Server
    >> >> >> >> >> >> Certificate
    >> >> >> >> >> >> >> Authority
    >> >> >> >> >> >> >>
    >> >http://support.microsoft.com/default.aspx?
    >> >> >> >> >> scid=kb;en-
    >> >> >> >> >> >> >> us;254632&Product=win2000
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >Feel free to post back if you have
    any
    >> >> >> questions
    >> >> >> >> >> >> >> regarding this.
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >Mike
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >"Scott25"
    >> >> >> <anonymous@discussions.microsoft.com>
    >> >> >> >> >> wrote
    >> >> >> >> >> >> in
    >> >> >> >> >> >> >> message
    >> >> >> >> >> >> >> >news:01bf01c48f89$a7d80460
    >> >> >> $a401280a@phx.gbl...
    >> >> >> >> >> >> >> >> My main certificate was set to
    >> expire on
    >> >> >> >> September
    >> >> >> >> >> >> 10,
    >> >> >> >> >> >> >> >> 2004. I renewed the certificate
    >> with the
    >> >> >> same
    >> >> >> >> >> >> private
    >> >> >> >> >> >> >> >> key, and it is now set to expire
    on
    >> Sep
    >> >> 1,
    >> >> >> 2006
    >> >> >> >> >> >> >> >> (basically 2 years from today)
    This
    >> >> >> seemed to
    >> >> >> >> >> work
    >> >> >> >> >> >> >> >> correctly. When I now issue a new
    >> >> >> certificate
    >> >> >> >> to
    >> >> >> >> >> a
    >> >> >> >> >> >> >> smart
    >> >> >> >> >> >> >> >> card for VPN purposes, it gives
    the
    >> >> >> >> certificate an
    >> >> >> >> >> >> >> >> expiration date of Sep 1, 2005 (A
    >> year
    >> >> >> before
    >> >> >> >> the
    >> >> >> >> >> >> base
    >> >> >> >> >> >> >> >> certificate is set to expire).
    >> >> >> >> >> >> >> >>
    >> >> >> >> >> >> >> >> I don't want to have to renew all
    the
    >> >> >> company's
    >> >> >> >> >> VPN
    >> >> >> >> >> >> >> keys
    >> >> >> >> >> >> >> >> in a year. How can I set the
    >> expiration
    >> >> >> date
    >> >> >> >> to
    >> >> >> >> >> the
    >> >> >> >> >> >> >> same
    >> >> >> >> >> >> >> >> as the root cert?
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >> >.
    >> >> >> >> >> >> >> >
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >
    >> >> >> >> >> >> >.
    >> >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >
    >> >> >> >> >> >.
    >> >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >
    >> >> >> >> >.
    >> >> >> >> >
    >> >> >> >
    >> >> >> >
    >> >> >> >.
    >> >> >> >
    >> >> >
    >> >> >
    >> >> >.
    >> >> >
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >
  21. Archived from groups: microsoft.public.win2000.security (More info?)

    Scott,

    Sorry, but I can't seem to find a way around this... One solution would be
    to migrate to Windows 2003 Enterprise CA. There you can edit templates and
    change validity period.

    Mike

    "Scott25" <anonymous@discussions.microsoft.com> wrote in message
    news:447c01c49053$98d381e0$a501280a@phx.gbl...
    > CSP: eToken base Cryptographic Provider
    >
    > The smart cards do hold the certificates, but I am not
    > quite sure from a technical perspective how VPN works.
    > We set up a VPN connection that uses the smart cards
    > which hold the certificate. The root certificate also
    > has to be loaded on to the computer that is VPN'd in.
    > The VPN is based on the smart cards though.
    >
    > >-----Original Message-----
    > >Do you actually use Smart Cards to logon to domain -- or
    > just to store
    > >certificates for VPN? What CSP do you use (CSP =
    > Cryptographic Service
    > >Provider).
    > >
    > >Mike
    > >
    > >"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > message
    > >news:459e01c49050$36eaafb0$a301280a@phx.gbl...
    > >> SmartCard Logon
    > >>
    > >> Sorry, I keep forgetting to put in my name and it shows
    > >> up as anonymous. Thanks for all your help so far.
    > >>
    > >>
    > >> >-----Original Message-----
    > >> >In the web interface you can select between different
    > >> Certificate Templates
    > >> >(e.g. Users, Administrator, SmartCard User,
    > IPSec, ...).
    > >> Which one do you
    > >> >select when issuing your certificates?
    > >> >
    > >> >http://freeweb.siol.net/mpihler/templates.jpg
    > >> >
    > >> >Mike
    > >> >
    > >> >"Scott25" <anonymous@discussions.microsoft.com> wrote
    > in
    > >> message
    > >> >news:00a901c49045$2cda6570$a401280a@phx.gbl...
    > >> >> Not quite sure what you mean when you refer
    > >> >> to "Template." I am issuing certificates by going
    > >> through
    > >> >> a web interface for microsoft certification
    > services.
    > >> All
    > >> >> of the issued certificates show up under
    > Certification
    > >> >> Authority, Under the Company Name, and then Issued
    > >> >> Certificates.
    > >> >>
    > >> >> >-----Original Message-----
    > >> >> >Which template do you use to issue certificate?
    > >> >> >
    > >> >> >Mike
    > >> >> >
    > >> >> >"Scott25" <anonymous@discussions.microsoft.com>
    > wrote
    > >> in
    > >> >> message
    > >> >> >news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    > >> >> >> Ok, I may not be able to get around it then.
    > >> However, I
    > >> >> >> know 2 years ago when they set this up, they
    > issued
    > >> VPN
    > >> >> >> certificates that had a 2 year expiration period.
    > >> >> >> Everyone who set this up is gone though, and we
    > are
    > >> not
    > >> >> >> sure how they did this. Thanks for all your help
    > >> >> though.
    > >> >> >>
    > >> >> >> >-----Original Message-----
    > >> >> >> >It looks as Paul suggested that this 1 year
    > limit
    > >> is
    > >> >> set
    > >> >> >> in certificate
    > >> >> >> >template. This is not a problem if you have
    > >> standalone
    > >> >> >> CA setup.
    > >> >> >> >
    > >> >> >> >Unfortunately on Windows 2000 you can't edit
    > >> >> (customize)
    > >> >> >> templates. You can
    > >> >> >> >create customized templates on Windows 2003.
    > >> >> >> >
    > >> >> >> >Mike
    > >> >> >> >
    > >> >> >> ><anonymous@discussions.microsoft.com> wrote in
    > >> message
    > >> >> >> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    > >> >> >> >> It says Enterprise Root CA. It is the only CA
    > >> on our
    > >> >> >> >> network.
    > >> >> >> >>
    > >> >> >> >> >-----Original Message-----
    > >> >> >> >> >How do you have this CA setup? Is this an
    > >> Enterprise
    > >> >> >> Root
    > >> >> >> >> CA or Standalone
    > >> >> >> >> >Root CA?
    > >> >> >> >> >
    > >> >> >> >> >Mike
    > >> >> >> >> >
    > >> >> >> >> ><anonymous@discussions.microsoft.com> wrote
    > in
    > >> >> message
    > >> >> >> >> >news:097801c4902d$b98389b0
    > $a401280a@phx.gbl...
    > >> >> >> >> >> I just doublechecked to make sure I was
    > >> looking at
    > >> >> >> the
    > >> >> >> >> >> right values and those are the exact
    > values I
    > >> >> have.
    > >> >> >> >> Under
    > >> >> >> >> >>
    > >> >> >> >>
    > >> >> >>
    > >> >>
    > >>
    > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > >> >> >> v
    > >> >> >> >> >> c\Configuration\"Certifcate Name"
    > >> >> >> >> >>
    > >> >> >> >> >> I have
    > >> >> >> >> >> Validity Period REG_SZ Years
    > >> >> >> >> >> Validity Period Units REG_DWORD 2
    > >> >> >> >> >>
    > >> >> >> >> >> Thanks for all your help, but I am still
    > not
    > >> sure
    > >> >> >> what I
    > >> >> >> >> >> am doing wrong.
    > >> >> >> >> >>
    > >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >I think you are looking at wrong values:
    > >> >> >> >> >> >
    > >> >> >> >> >> >Under
    > >> >> >> >> >>
    > >> >> >> >>
    > >> >> >>
    > >> >>
    > >>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    > >> >> >> S
    > >> >> >> >> >> vc\Configuration\<
    > >> >> >> >> >> >CAName>
    > >> >> >> >> >> >
    > >> >> >> >> >> >Set this values like this:
    > >> >> >> >> >> >
    > >> >> >> >> >> >REG_SZ ValidityPeriod
    > Years
    > >> >> >> >> >> >REG_DWORD ValidityPeriodUnits 2
    > >> >> >> >> >> >
    > >> >> >> >> >> >(default value for REG_DWORD
    > >> ValidityPeriodUnits
    > >> >> >> is 1 )
    > >> >> >> >> >> >
    > >> >> >> >> >> >Again check the posted article again! Also
    > >> check
    > >> >> >> Paul's
    > >> >> >> >> >> post!
    > >> >> >> >> >> >
    > >> >> >> >> >> >Mike
    > >> >> >> >> >> >
    > >> >> >> >> >> ><anonymous@discussions.microsoft.com>
    > wrote
    > >> in
    > >> >> >> message
    > >> >> >> >> >> >news:425001c49027$d198c1b0
    > >> $a301280a@phx.gbl...
    > >> >> >> >> >> >> Years.
    > >> >> >> >> >> >>
    > >> >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >> >Scott,
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >What value do you have
    > >> >> >> under "ValidityPeriodUnits"
    > >> >> >> >> >> >> Registry Key?
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >Mike
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >"Scott25"
    > >> >> <anonymous@discussions.microsoft.com>
    > >> >> >> >> wrote
    > >> >> >> >> >> in
    > >> >> >> >> >> >> message
    > >> >> >> >> >> >> >news:3aa601c48f92$bc102b70
    > >> $a601280a@phx.gbl...
    > >> >> >> >> >> >> >> Thanks for the article. I followed
    > it
    > >> and
    > >> >> >> >> discovered
    > >> >> >> >> >> >> >> that everything in my registry was
    > >> already
    > >> >> set
    > >> >> >> >> >> >> correctly.
    > >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> My root certificate is correctly
    > being
    > >> >> issued
    > >> >> >> >> with a
    > >> >> >> >> >> 2
    > >> >> >> >> >> >> >> year expiration date.
    > >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> My problem is that all the
    > certificates
    > >> >> that I
    > >> >> >> >> issue
    > >> >> >> >> >> to
    > >> >> >> >> >> >> >> my VPN keys that are based on that
    > root
    > >> >> >> >> certificate
    > >> >> >> >> >> >> have
    > >> >> >> >> >> >> >> an expiration date of only 1 year. I
    > >> don't
    > >> >> >> >> >> understand
    > >> >> >> >> >> >> >> why these would have a different
    > >> expiration
    > >> >> >> date.
    > >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> Any other thoughts? Thanks for all
    > your
    > >> >> help.
    > >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> >-----Original Message-----
    > >> >> >> >> >> >> >> >Hi Scott,
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >How To Change the Expiration Date of
    > >> >> >> Certificates
    > >> >> >> >> >> That
    > >> >> >> >> >> >> >> Are Issued by a
    > >> >> >> >> >> >> >> >Windows Server 2003 or a Windows
    > 2000
    > >> >> Server
    > >> >> >> >> >> >> Certificate
    > >> >> >> >> >> >> >> Authority
    > >> >> >> >> >> >> >>
    > >> >http://support.microsoft.com/default.aspx?
    > >> >> >> >> >> scid=kb;en-
    > >> >> >> >> >> >> >> us;254632&Product=win2000
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >Feel free to post back if you have
    > any
    > >> >> >> questions
    > >> >> >> >> >> >> >> regarding this.
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >Mike
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >"Scott25"
    > >> >> >> <anonymous@discussions.microsoft.com>
    > >> >> >> >> >> wrote
    > >> >> >> >> >> >> in
    > >> >> >> >> >> >> >> message
    > >> >> >> >> >> >> >> >news:01bf01c48f89$a7d80460
    > >> >> >> $a401280a@phx.gbl...
    > >> >> >> >> >> >> >> >> My main certificate was set to
    > >> expire on
    > >> >> >> >> September
    > >> >> >> >> >> >> 10,
    > >> >> >> >> >> >> >> >> 2004. I renewed the certificate
    > >> with the
    > >> >> >> same
    > >> >> >> >> >> >> private
    > >> >> >> >> >> >> >> >> key, and it is now set to expire
    > on
    > >> Sep
    > >> >> 1,
    > >> >> >> 2006
    > >> >> >> >> >> >> >> >> (basically 2 years from today)
    > This
    > >> >> >> seemed to
    > >> >> >> >> >> work
    > >> >> >> >> >> >> >> >> correctly. When I now issue a new
    > >> >> >> certificate
    > >> >> >> >> to
    > >> >> >> >> >> a
    > >> >> >> >> >> >> >> smart
    > >> >> >> >> >> >> >> >> card for VPN purposes, it gives
    > the
    > >> >> >> >> certificate an
    > >> >> >> >> >> >> >> >> expiration date of Sep 1, 2005 (A
    > >> year
    > >> >> >> before
    > >> >> >> >> the
    > >> >> >> >> >> >> base
    > >> >> >> >> >> >> >> >> certificate is set to expire).
    > >> >> >> >> >> >> >> >>
    > >> >> >> >> >> >> >> >> I don't want to have to renew all
    > the
    > >> >> >> company's
    > >> >> >> >> >> VPN
    > >> >> >> >> >> >> >> keys
    > >> >> >> >> >> >> >> >> in a year. How can I set the
    > >> expiration
    > >> >> >> date
    > >> >> >> >> to
    > >> >> >> >> >> the
    > >> >> >> >> >> >> >> same
    > >> >> >> >> >> >> >> >> as the root cert?
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >> >.
    > >> >> >> >> >> >> >> >
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >> >.
    > >> >> >> >> >> >> >
    > >> >> >> >> >> >
    > >> >> >> >> >> >
    > >> >> >> >> >> >.
    > >> >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >
    > >> >> >> >> >.
    > >> >> >> >> >
    > >> >> >> >
    > >> >> >> >
    > >> >> >> >.
    > >> >> >> >
    > >> >> >
    > >> >> >
    > >> >> >.
    > >> >> >
    > >> >
    > >> >
    > >> >.
    > >> >
    > >
    > >
    > >.
    > >
  22. Archived from groups: microsoft.public.win2000.security (More info?)

    One more thing. MS CA will not issue a user certificate
    whose expiration will be BEYOND the issuing authority
    certificate.

    If you use 2003 online CA, it contains templates. You may
    create a new template by copying an already available one
    and modify the validty period issued using the template.
    --Amjad.
    >-----Original Message-----
    >Not quite sure what you mean when you refer
    >to "Template." I am issuing certificates by going
    through
    >a web interface for microsoft certification services.
    All
    >of the issued certificates show up under Certification
    >Authority, Under the Company Name, and then Issued
    >Certificates.
    >
    >>-----Original Message-----
    >>Which template do you use to issue certificate?
    >>
    >>Mike
    >>
    >>"Scott25" <anonymous@discussions.microsoft.com> wrote in
    >message
    >>news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    >>> Ok, I may not be able to get around it then. However,
    I
    >>> know 2 years ago when they set this up, they issued VPN
    >>> certificates that had a 2 year expiration period.
    >>> Everyone who set this up is gone though, and we are not
    >>> sure how they did this. Thanks for all your help
    >though.
    >>>
    >>> >-----Original Message-----
    >>> >It looks as Paul suggested that this 1 year limit is
    >set
    >>> in certificate
    >>> >template. This is not a problem if you have standalone
    >>> CA setup.
    >>> >
    >>> >Unfortunately on Windows 2000 you can't edit
    >(customize)
    >>> templates. You can
    >>> >create customized templates on Windows 2003.
    >>> >
    >>> >Mike
    >>> >
    >>> ><anonymous@discussions.microsoft.com> wrote in message
    >>> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    >>> >> It says Enterprise Root CA. It is the only CA on
    our
    >>> >> network.
    >>> >>
    >>> >> >-----Original Message-----
    >>> >> >How do you have this CA setup? Is this an
    Enterprise
    >>> Root
    >>> >> CA or Standalone
    >>> >> >Root CA?
    >>> >> >
    >>> >> >Mike
    >>> >> >
    >>> >> ><anonymous@discussions.microsoft.com> wrote in
    >message
    >>> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    >>> >> >> I just doublechecked to make sure I was looking
    at
    >>> the
    >>> >> >> right values and those are the exact values I
    >have.
    >>> >> Under
    >>> >> >>
    >>> >>
    >>>
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    >>> v
    >>> >> >> c\Configuration\"Certifcate Name"
    >>> >> >>
    >>> >> >> I have
    >>> >> >> Validity Period REG_SZ Years
    >>> >> >> Validity Period Units REG_DWORD 2
    >>> >> >>
    >>> >> >> Thanks for all your help, but I am still not sure
    >>> what I
    >>> >> >> am doing wrong.
    >>> >> >>
    >>> >> >> >-----Original Message-----
    >>> >> >> >I think you are looking at wrong values:
    >>> >> >> >
    >>> >> >> >Under
    >>> >> >>
    >>> >>
    >>>
    >>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    >>> S
    >>> >> >> vc\Configuration\<
    >>> >> >> >CAName>
    >>> >> >> >
    >>> >> >> >Set this values like this:
    >>> >> >> >
    >>> >> >> >REG_SZ ValidityPeriod Years
    >>> >> >> >REG_DWORD ValidityPeriodUnits 2
    >>> >> >> >
    >>> >> >> >(default value for REG_DWORD ValidityPeriodUnits
    >>> is 1 )
    >>> >> >> >
    >>> >> >> >Again check the posted article again! Also check
    >>> Paul's
    >>> >> >> post!
    >>> >> >> >
    >>> >> >> >Mike
    >>> >> >> >
    >>> >> >> ><anonymous@discussions.microsoft.com> wrote in
    >>> message
    >>> >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    >>> >> >> >> Years.
    >>> >> >> >>
    >>> >> >> >> >-----Original Message-----
    >>> >> >> >> >Scott,
    >>> >> >> >> >
    >>> >> >> >> >What value do you have
    >>> under "ValidityPeriodUnits"
    >>> >> >> >> Registry Key?
    >>> >> >> >> >
    >>> >> >> >> >Mike
    >>> >> >> >> >
    >>> >> >> >> >"Scott25"
    ><anonymous@discussions.microsoft.com>
    >>> >> wrote
    >>> >> >> in
    >>> >> >> >> message
    >>> >> >> >> >news:3aa601c48f92$bc102b70
    $a601280a@phx.gbl...
    >>> >> >> >> >> Thanks for the article. I followed it and
    >>> >> discovered
    >>> >> >> >> >> that everything in my registry was already
    >set
    >>> >> >> >> correctly.
    >>> >> >> >> >>
    >>> >> >> >> >> My root certificate is correctly being
    >issued
    >>> >> with a
    >>> >> >> 2
    >>> >> >> >> >> year expiration date.
    >>> >> >> >> >>
    >>> >> >> >> >> My problem is that all the certificates
    >that I
    >>> >> issue
    >>> >> >> to
    >>> >> >> >> >> my VPN keys that are based on that root
    >>> >> certificate
    >>> >> >> >> have
    >>> >> >> >> >> an expiration date of only 1 year. I don't
    >>> >> >> understand
    >>> >> >> >> >> why these would have a different expiration
    >>> date.
    >>> >> >> >> >>
    >>> >> >> >> >> Any other thoughts? Thanks for all your
    >help.
    >>> >> >> >> >>
    >>> >> >> >> >> >-----Original Message-----
    >>> >> >> >> >> >Hi Scott,
    >>> >> >> >> >> >
    >>> >> >> >> >> >How To Change the Expiration Date of
    >>> Certificates
    >>> >> >> That
    >>> >> >> >> >> Are Issued by a
    >>> >> >> >> >> >Windows Server 2003 or a Windows 2000
    >Server
    >>> >> >> >> Certificate
    >>> >> >> >> >> Authority
    >>> >> >> >> >> >http://support.microsoft.com/default.aspx?
    >>> >> >> scid=kb;en-
    >>> >> >> >> >> us;254632&Product=win2000
    >>> >> >> >> >> >
    >>> >> >> >> >> >Feel free to post back if you have any
    >>> questions
    >>> >> >> >> >> regarding this.
    >>> >> >> >> >> >
    >>> >> >> >> >> >Mike
    >>> >> >> >> >> >
    >>> >> >> >> >> >"Scott25"
    >>> <anonymous@discussions.microsoft.com>
    >>> >> >> wrote
    >>> >> >> >> in
    >>> >> >> >> >> message
    >>> >> >> >> >> >news:01bf01c48f89$a7d80460
    >>> $a401280a@phx.gbl...
    >>> >> >> >> >> >> My main certificate was set to expire on
    >>> >> September
    >>> >> >> >> 10,
    >>> >> >> >> >> >> 2004. I renewed the certificate with
    the
    >>> same
    >>> >> >> >> private
    >>> >> >> >> >> >> key, and it is now set to expire on Sep
    >1,
    >>> 2006
    >>> >> >> >> >> >> (basically 2 years from today) This
    >>> seemed to
    >>> >> >> work
    >>> >> >> >> >> >> correctly. When I now issue a new
    >>> certificate
    >>> >> to
    >>> >> >> a
    >>> >> >> >> >> smart
    >>> >> >> >> >> >> card for VPN purposes, it gives the
    >>> >> certificate an
    >>> >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    >>> before
    >>> >> the
    >>> >> >> >> base
    >>> >> >> >> >> >> certificate is set to expire).
    >>> >> >> >> >> >>
    >>> >> >> >> >> >> I don't want to have to renew all the
    >>> company's
    >>> >> >> VPN
    >>> >> >> >> >> keys
    >>> >> >> >> >> >> in a year. How can I set the expiration
    >>> date
    >>> >> to
    >>> >> >> the
    >>> >> >> >> >> same
    >>> >> >> >> >> >> as the root cert?
    >>> >> >> >> >> >
    >>> >> >> >> >> >
    >>> >> >> >> >> >.
    >>> >> >> >> >> >
    >>> >> >> >> >
    >>> >> >> >> >
    >>> >> >> >> >.
    >>> >> >> >> >
    >>> >> >> >
    >>> >> >> >
    >>> >> >> >.
    >>> >> >> >
    >>> >> >
    >>> >> >
    >>> >> >.
    >>> >> >
    >>> >
    >>> >
    >>> >.
    >>> >
    >>
    >>
    >>.
    >>
    >.
    >
  23. Archived from groups: microsoft.public.win2000.security (More info?)

    It's 2000 CA.

    If e.g. CA cert is valid till e.g. 1.9.2006 and you have policy (template)
    that should issue certificate for 5 years CA will create a certificate that
    will be valid for 1.9.2006.

    Mike

    "Amjad." <anonymous@discussions.microsoft.com> wrote in message
    news:04b601c49122$18928e70$3501280a@phx.gbl...
    > One more thing. MS CA will not issue a user certificate
    > whose expiration will be BEYOND the issuing authority
    > certificate.
    >
    > If you use 2003 online CA, it contains templates. You may
    > create a new template by copying an already available one
    > and modify the validty period issued using the template.
    > --Amjad.
    > >-----Original Message-----
    > >Not quite sure what you mean when you refer
    > >to "Template." I am issuing certificates by going
    > through
    > >a web interface for microsoft certification services.
    > All
    > >of the issued certificates show up under Certification
    > >Authority, Under the Company Name, and then Issued
    > >Certificates.
    > >
    > >>-----Original Message-----
    > >>Which template do you use to issue certificate?
    > >>
    > >>Mike
    > >>
    > >>"Scott25" <anonymous@discussions.microsoft.com> wrote in
    > >message
    > >>news:42e801c4903d$80cd4ec0$a501280a@phx.gbl...
    > >>> Ok, I may not be able to get around it then. However,
    > I
    > >>> know 2 years ago when they set this up, they issued VPN
    > >>> certificates that had a 2 year expiration period.
    > >>> Everyone who set this up is gone though, and we are not
    > >>> sure how they did this. Thanks for all your help
    > >though.
    > >>>
    > >>> >-----Original Message-----
    > >>> >It looks as Paul suggested that this 1 year limit is
    > >set
    > >>> in certificate
    > >>> >template. This is not a problem if you have standalone
    > >>> CA setup.
    > >>> >
    > >>> >Unfortunately on Windows 2000 you can't edit
    > >(customize)
    > >>> templates. You can
    > >>> >create customized templates on Windows 2003.
    > >>> >
    > >>> >Mike
    > >>> >
    > >>> ><anonymous@discussions.microsoft.com> wrote in message
    > >>> >news:434b01c49030$f348c900$a301280a@phx.gbl...
    > >>> >> It says Enterprise Root CA. It is the only CA on
    > our
    > >>> >> network.
    > >>> >>
    > >>> >> >-----Original Message-----
    > >>> >> >How do you have this CA setup? Is this an
    > Enterprise
    > >>> Root
    > >>> >> CA or Standalone
    > >>> >> >Root CA?
    > >>> >> >
    > >>> >> >Mike
    > >>> >> >
    > >>> >> ><anonymous@discussions.microsoft.com> wrote in
    > >message
    > >>> >> >news:097801c4902d$b98389b0$a401280a@phx.gbl...
    > >>> >> >> I just doublechecked to make sure I was looking
    > at
    > >>> the
    > >>> >> >> right values and those are the exact values I
    > >have.
    > >>> >> Under
    > >>> >> >>
    > >>> >>
    > >>>
    > >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertS
    > >>> v
    > >>> >> >> c\Configuration\"Certifcate Name"
    > >>> >> >>
    > >>> >> >> I have
    > >>> >> >> Validity Period REG_SZ Years
    > >>> >> >> Validity Period Units REG_DWORD 2
    > >>> >> >>
    > >>> >> >> Thanks for all your help, but I am still not sure
    > >>> what I
    > >>> >> >> am doing wrong.
    > >>> >> >>
    > >>> >> >> >-----Original Message-----
    > >>> >> >> >I think you are looking at wrong values:
    > >>> >> >> >
    > >>> >> >> >Under
    > >>> >> >>
    > >>> >>
    > >>>
    > >>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cert
    > >>> S
    > >>> >> >> vc\Configuration\<
    > >>> >> >> >CAName>
    > >>> >> >> >
    > >>> >> >> >Set this values like this:
    > >>> >> >> >
    > >>> >> >> >REG_SZ ValidityPeriod Years
    > >>> >> >> >REG_DWORD ValidityPeriodUnits 2
    > >>> >> >> >
    > >>> >> >> >(default value for REG_DWORD ValidityPeriodUnits
    > >>> is 1 )
    > >>> >> >> >
    > >>> >> >> >Again check the posted article again! Also check
    > >>> Paul's
    > >>> >> >> post!
    > >>> >> >> >
    > >>> >> >> >Mike
    > >>> >> >> >
    > >>> >> >> ><anonymous@discussions.microsoft.com> wrote in
    > >>> message
    > >>> >> >> >news:425001c49027$d198c1b0$a301280a@phx.gbl...
    > >>> >> >> >> Years.
    > >>> >> >> >>
    > >>> >> >> >> >-----Original Message-----
    > >>> >> >> >> >Scott,
    > >>> >> >> >> >
    > >>> >> >> >> >What value do you have
    > >>> under "ValidityPeriodUnits"
    > >>> >> >> >> Registry Key?
    > >>> >> >> >> >
    > >>> >> >> >> >Mike
    > >>> >> >> >> >
    > >>> >> >> >> >"Scott25"
    > ><anonymous@discussions.microsoft.com>
    > >>> >> wrote
    > >>> >> >> in
    > >>> >> >> >> message
    > >>> >> >> >> >news:3aa601c48f92$bc102b70
    > $a601280a@phx.gbl...
    > >>> >> >> >> >> Thanks for the article. I followed it and
    > >>> >> discovered
    > >>> >> >> >> >> that everything in my registry was already
    > >set
    > >>> >> >> >> correctly.
    > >>> >> >> >> >>
    > >>> >> >> >> >> My root certificate is correctly being
    > >issued
    > >>> >> with a
    > >>> >> >> 2
    > >>> >> >> >> >> year expiration date.
    > >>> >> >> >> >>
    > >>> >> >> >> >> My problem is that all the certificates
    > >that I
    > >>> >> issue
    > >>> >> >> to
    > >>> >> >> >> >> my VPN keys that are based on that root
    > >>> >> certificate
    > >>> >> >> >> have
    > >>> >> >> >> >> an expiration date of only 1 year. I don't
    > >>> >> >> understand
    > >>> >> >> >> >> why these would have a different expiration
    > >>> date.
    > >>> >> >> >> >>
    > >>> >> >> >> >> Any other thoughts? Thanks for all your
    > >help.
    > >>> >> >> >> >>
    > >>> >> >> >> >> >-----Original Message-----
    > >>> >> >> >> >> >Hi Scott,
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >How To Change the Expiration Date of
    > >>> Certificates
    > >>> >> >> That
    > >>> >> >> >> >> Are Issued by a
    > >>> >> >> >> >> >Windows Server 2003 or a Windows 2000
    > >Server
    > >>> >> >> >> Certificate
    > >>> >> >> >> >> Authority
    > >>> >> >> >> >> >http://support.microsoft.com/default.aspx?
    > >>> >> >> scid=kb;en-
    > >>> >> >> >> >> us;254632&Product=win2000
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >Feel free to post back if you have any
    > >>> questions
    > >>> >> >> >> >> regarding this.
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >Mike
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >"Scott25"
    > >>> <anonymous@discussions.microsoft.com>
    > >>> >> >> wrote
    > >>> >> >> >> in
    > >>> >> >> >> >> message
    > >>> >> >> >> >> >news:01bf01c48f89$a7d80460
    > >>> $a401280a@phx.gbl...
    > >>> >> >> >> >> >> My main certificate was set to expire on
    > >>> >> September
    > >>> >> >> >> 10,
    > >>> >> >> >> >> >> 2004. I renewed the certificate with
    > the
    > >>> same
    > >>> >> >> >> private
    > >>> >> >> >> >> >> key, and it is now set to expire on Sep
    > >1,
    > >>> 2006
    > >>> >> >> >> >> >> (basically 2 years from today) This
    > >>> seemed to
    > >>> >> >> work
    > >>> >> >> >> >> >> correctly. When I now issue a new
    > >>> certificate
    > >>> >> to
    > >>> >> >> a
    > >>> >> >> >> >> smart
    > >>> >> >> >> >> >> card for VPN purposes, it gives the
    > >>> >> certificate an
    > >>> >> >> >> >> >> expiration date of Sep 1, 2005 (A year
    > >>> before
    > >>> >> the
    > >>> >> >> >> base
    > >>> >> >> >> >> >> certificate is set to expire).
    > >>> >> >> >> >> >>
    > >>> >> >> >> >> >> I don't want to have to renew all the
    > >>> company's
    > >>> >> >> VPN
    > >>> >> >> >> >> keys
    > >>> >> >> >> >> >> in a year. How can I set the expiration
    > >>> date
    > >>> >> to
    > >>> >> >> the
    > >>> >> >> >> >> same
    > >>> >> >> >> >> >> as the root cert?
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >
    > >>> >> >> >> >> >.
    > >>> >> >> >> >> >
    > >>> >> >> >> >
    > >>> >> >> >> >
    > >>> >> >> >> >.
    > >>> >> >> >> >
    > >>> >> >> >
    > >>> >> >> >
    > >>> >> >> >.
    > >>> >> >> >
    > >>> >> >
    > >>> >> >
    > >>> >> >.
    > >>> >> >
    > >>> >
    > >>> >
    > >>> >.
    > >>> >
    > >>
    > >>
    > >>.
    > >>
    > >.
    > >
Ask a new question

Read More

Microsoft Certificate Windows