Certificate request only 2 years

M

Mr.B

How can extend certificate request for more than two years for computer
certificate.
I have Enterprise Ca that is valid for 10 years, but computer certificate is
only valid for two years.
I have windows 2003 RS Standard server, and I have Enterprise CA.
Enrolment is only for V1 certificate. If I edit template for Computer
Certificate, than it become v2, and I can not use it, for enrolment.
 
B

Brian Komar

You cannot.
It is hard coded in the certificate template, and as mentioned earlier, you
cannot issue v2 certificates from Standard Edition.
There is another setting though that will affect your validity periods.

certutil -setreg ca\ValidityPeriodUnits 4
certutil -setreg ca\ValidityPeriod "Years"
net stop certsvc && net start certsvc

This will set the maximum lifetime of certificates issued by the CA to 4
years (for example). But it will be the lesser of the template setting and
the Validity Period settings above.
Brian

"Mr.B" <MrB@discussions.microsoft.com> wrote in message
news:842D078D-B31D-40EA-9E23-3B4CEC7FFC0F@microsoft.com...
> How can extend certificate request for more than two years for computer
> certificate.
> I have Enterprise Ca that is valid for 10 years, but computer certificate
> is
> only valid for two years.
> I have windows 2003 RS Standard server, and I have Enterprise CA.
> Enrolment is only for V1 certificate. If I edit template for Computer
> Certificate, than it become v2, and I can not use it, for enrolment.
>
 
M

Mr.B

I will test and i will replay to you.

"Brian Komar" wrote:

> You cannot.
> It is hard coded in the certificate template, and as mentioned earlier, you
> cannot issue v2 certificates from Standard Edition.
> There is another setting though that will affect your validity periods.
>
> certutil -setreg ca\ValidityPeriodUnits 4
> certutil -setreg ca\ValidityPeriod "Years"
> net stop certsvc && net start certsvc
>
> This will set the maximum lifetime of certificates issued by the CA to 4
> years (for example). But it will be the lesser of the template setting and
> the Validity Period settings above.
> Brian
>
> "Mr.B" <MrB@discussions.microsoft.com> wrote in message
> news:842D078D-B31D-40EA-9E23-3B4CEC7FFC0F@microsoft.com...
> > How can extend certificate request for more than two years for computer
> > certificate.
> > I have Enterprise Ca that is valid for 10 years, but computer certificate
> > is
> > only valid for two years.
> > I have windows 2003 RS Standard server, and I have Enterprise CA.
> > Enrolment is only for V1 certificate. If I edit template for Computer
> > Certificate, than it become v2, and I can not use it, for enrolment.
> >
>
 
You must log in or register to reply here.

Similar threads

A
CA: Using Custom Templates
Replies
0
Views
29
avilt
A
W
Custom OID for Certificate template
Replies
0
Views
25
WojtekW_MCS
W
R
What is a good certificate expiration time and how do you decide?
Replies
0
Views
15
RCooley33
R
I
Renew CA Certificate with different signing algorithm...
Replies
0
Views
26
imprise
I
A
Self Signed Cert on 2016 Windows server only creates cert valid for 6 weeks
Replies
0
Views
39
Anna Pullman-Rainbolt
A
Back
Top Bottom