Renew Subordinate CA certificate

PT

I have an Enterprise CA root server and a subordinate CA server in my domain
(single domain). Both of these servers are running on Windows 2003
Enterprise edition.

I was able to obtain a subordinate CA certificate when I originally set it
up (this original sub CA certificate will expire on 2/2009). Now I would
like to renew my subordinate CA's so the expiration date will be further out
(e.g. to year 2012) so all client certificates issued by this subordinate CA
will have a longer expiration date. According to this MS article, I should be
able to renew it by right clicking on the sub CA server and select renew.

http://technet2.microsoft.com/windo...c0ae-4fad-a29d-1d17f04cd5fc1033.mspx?mfr=true

After the renewal request, the subordinate CA didn't get a renewed
certificate. The root CA server on the other hand did show that the new
certificate has been issued. But the subordinate server just didn't get it
no matter how many times I restarted the server.

I need help!!
 
Neil

Hi
I have only had limited experience with a standalone root CA, not an
enterprise root, but how about you try manually importing the certificate.

To do this on the root CA open Certification Authority snap-in.
Expand your server
Click the 'Issued Certificates' folder
Find the certificate that has been issued to your sub CA and double click it.
Click the Details tab
Click 'Copy to File'
Click Next
Select 'Cryptographic Message Syntax Standard - PKCS #7 Certificates'
Tick 'Include all certificates in the certification path if possible'
Click Next
Type a filename E.g. C:\SubCA.p7b
Click Next
Click Finish
Click OK
Click OK
Move the .p7b file to the sub CA

Open Certificate Authority on the sub CA
Right-click your server, click All Tasks > Install CA Certificate
Navigate to the .p7b file and Click Open

That may work.

Neil

"PT" wrote:

> I have an Enterprise CA root server and a subordinate CA server in my domain
> (single domain). Both of these servers are running on Windows 2003
> Enterprise edition.
>
> I was able to obtain a subordinate CA certificate when I originally set it
> up (this original sub CA certificate will expire on 2/2009). Now I would
> like to renew my subordinate CA's so the expiration date will be further out
> (e.g. to year 2012) so all client certificates issued by this subordinate CA
> will have a longer expiration date. According to this MS article, I should be
> able to renew it by right clicking on the sub CA server and select renew.
>
> http://technet2.microsoft.com/windo...c0ae-4fad-a29d-1d17f04cd5fc1033.mspx?mfr=true
>
> After the renewal request, the subordinate CA didn't get a renewed
> certificate. The root CA server on the other hand did show that the new
> certificate has been issued. But the subordinate server just didn't get it
> no matter how many times I restarted the server.
>
> I need help!!
>
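
A command-line version of the export and install steps in Neil's reply, as an added example that is not part of the original thread: it uses `certreq -retrieve` on the root CA and `certutil -installcert` on the sub CA. The script name, the CA config string `ROOTCA01\Example Root CA` and the path `C:\SubCA.cer` are placeholders; `C:\SubCA.p7b` is the filename from the reply.

```bat
@echo off
rem Added example, not from the thread.
rem Usage:  subca-cert.cmd export <RequestId>   (run on the root CA)
rem         subca-cert.cmd install              (run on the sub CA)
rem ROOT_CONFIG is a placeholder: set it to "<root CA host>\<root CA name>".
setlocal
set "ROOT_CONFIG=ROOTCA01\Example Root CA"
set "P7B=C:\SubCA.p7b"

if /i "%~1"=="export" goto export
if /i "%~1"=="install" goto install
echo Usage: %~nx0 export ^<RequestId^> ^| install
exit /b 2

:export
if "%~2"=="" (
    rem No request ID given: list issued certificates (Disposition 20 = issued)
    rem so the sub CA's renewed certificate and its expiry can be identified.
    certutil -view -restrict "Disposition=20" -out "RequestID,CommonName,NotAfter"
    exit /b 2
)
rem Write the certificate and the PKCS #7 chain for the given request ID.
certreq -retrieve -config "%ROOT_CONFIG%" %~2 C:\SubCA.cer "%P7B%"
exit /b %errorlevel%

:install
rem Inspect the file first: check subject, issuer and NotAfter before installing.
certutil -dump "%P7B%"
if errorlevel 1 exit /b 1
rem Command-line equivalent of All Tasks > Install CA Certificate.
certutil -installcert "%P7B%"
if errorlevel 1 exit /b 1
rem Restart Certificate Services so the CA starts with the installed certificate.
net stop certsvc
net start certsvc
exit /b %errorlevel%
```

Running `export` without a request ID only lists the issued certificates, which is how to find the ID of the sub CA's renewed certificate.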
 