Question on chnaging the expiration date of certificates

Archived from groups: microsoft.public.win2000.security (More info?)

Hi ,
I was trying to change the default expiration date of certificates from 1
year to a different value on a standlone Sub-ordinate CA server.
I used the information from the Microsoft article Q254632.

When I initiallythe installed the Standalone sub-ordinate CA server , the
validity dates were determined by the parent CA ( Set to 1 year )
( Standalone RootCA , validity set to 10 years ).

But I would like to change it to 8 years from the default setting of 1 year.

After following the suggestion in the document Q254632 , the user certs and
the CA cert still has the same validity of 1 year . The CA service was
started and stopped and the system was alos started .

Any idea of what could be wrong.

Kavi
1 answer Last reply
More about question chnaging expiration date certificates
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi,

    If I understand you correctly, your Standalone RootCA is valid for 10 years
    and you have one Standalone Subordinate CA that is valid for 1 year.

    In this case, your subordinate CA will only be able to issue certificates
    valid for maximum 1 year since its own certificate is valid for that period
    of time. You can't issue certificates with longer date of validity then its
    issuing CA certificate.

    What you need to do is change the validity period on your RootCA to value
    that you desire (e.g. 8 years) and then re-issue certificate for your
    Subordinate CA. Once this is done and you change validity period on your
    Subordinate CA you should be able to issue certificates on your subordinate
    CA for your users with validity period that is longer then 1 year.

    Once the certificate is issued, you can't change its validity time. If you
    would edit the certificate it would become invalid (digital signature would
    not match).

    I hope this helps.

    --
    Mike
    Microsoft MVP - Windows Security

    "Kavi" <Kavi@discussions.microsoft.com> wrote in message
    news:7F4D84C3-0BEA-4C75-9734-74951C4EF16D@microsoft.com...
    > Hi ,
    > I was trying to change the default expiration date of certificates from 1
    > year to a different value on a standlone Sub-ordinate CA server.
    > I used the information from the Microsoft article Q254632.
    >
    > When I initiallythe installed the Standalone sub-ordinate CA server , the
    > validity dates were determined by the parent CA ( Set to 1 year )
    > ( Standalone RootCA , validity set to 10 years ).
    >
    > But I would like to change it to 8 years from the default setting of 1
    > year.
    >
    > After following the suggestion in the document Q254632 , the user certs
    > and
    > the CA cert still has the same validity of 1 year . The CA service was
    > started and stopped and the system was alos started .
    >
    > Any idea of what could be wrong.
    >
    > Kavi
    >
Ask a new question

Read More

Default Microsoft Windows