Sign in with
Sign up | Sign in
Your question

Question on chnaging the expiration date of certificates

Tags:
  • Default
  • Microsoft
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
March 11, 2005 10:35:01 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi ,
I was trying to change the default expiration date of certificates from 1
year to a different value on a standlone Sub-ordinate CA server.
I used the information from the Microsoft article Q254632.

When I initiallythe installed the Standalone sub-ordinate CA server , the
validity dates were determined by the parent CA ( Set to 1 year )
( Standalone RootCA , validity set to 10 years ).

But I would like to change it to 8 years from the default setting of 1 year.

After following the suggestion in the document Q254632 , the user certs and
the CA cert still has the same validity of 1 year . The CA service was
started and stopped and the system was alos started .

Any idea of what could be wrong.

Kavi

More about : question chnaging expiration date certificates

Anonymous
March 12, 2005 3:10:45 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

If I understand you correctly, your Standalone RootCA is valid for 10 years
and you have one Standalone Subordinate CA that is valid for 1 year.

In this case, your subordinate CA will only be able to issue certificates
valid for maximum 1 year since its own certificate is valid for that period
of time. You can't issue certificates with longer date of validity then its
issuing CA certificate.

What you need to do is change the validity period on your RootCA to value
that you desire (e.g. 8 years) and then re-issue certificate for your
Subordinate CA. Once this is done and you change validity period on your
Subordinate CA you should be able to issue certificates on your subordinate
CA for your users with validity period that is longer then 1 year.

Once the certificate is issued, you can't change its validity time. If you
would edit the certificate it would become invalid (digital signature would
not match).

I hope this helps.

--
Mike
Microsoft MVP - Windows Security

"Kavi" <Kavi@discussions.microsoft.com> wrote in message
news:7F4D84C3-0BEA-4C75-9734-74951C4EF16D@microsoft.com...
> Hi ,
> I was trying to change the default expiration date of certificates from 1
> year to a different value on a standlone Sub-ordinate CA server.
> I used the information from the Microsoft article Q254632.
>
> When I initiallythe installed the Standalone sub-ordinate CA server , the
> validity dates were determined by the parent CA ( Set to 1 year )
> ( Standalone RootCA , validity set to 10 years ).
>
> But I would like to change it to 8 years from the default setting of 1
> year.
>
> After following the suggestion in the document Q254632 , the user certs
> and
> the CA cert still has the same validity of 1 year . The CA service was
> started and stopped and the system was alos started .
>
> Any idea of what could be wrong.
>
> Kavi
>
!