Certificate Renewal questions

From: Steve (stephen.h.price_at_intel.com)
Date: 01/21/04

• Next message: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Previous message: Vishal Agarwal[MSFT]: "Re: CertAddEnhancedKeyUsageIdentifier access denied"
• Next in thread: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Reply: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 21 Jan 2004 14:43:16 -0700

I need some help in understanding the mechanics of certificate renewal. I
have two questions:

In the Certificates MMC console, when I right-click on a cert and go to All
Tasks I see the following tasks:
Request with new key
Request with same key
Renew with new key
Renew with same key

I've tried both a Request with same key and a Renew with same key on a valid
certificate. The results seem to be the same. In both cases I get a cert
with a different serial number so the results seem to be identical.

1. What is the difference between the Request task and the Renew task?

When I right-click on an expired cert and go to All Tasks, I get the same
list of tasks as above, however, when I try to Renew with same key, I get
the following error:

"The certification authority denied the request. A required certficiate is
not within its validity period when verifying against the current system
clock or the timestamp in the signed file."

A Request with same key does go through successfully.

2. Why does 'Renew with same key' not work for an expired certificate while
a 'Request with same key' does work?

Thanks,

Steve

• Next message: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Previous message: Vishal Agarwal[MSFT]: "Re: CertAddEnhancedKeyUsageIdentifier access denied"
• Next in thread: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Reply: Krish Shenoy[MSFT]: "Re: Certificate Renewal questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Unable to install Godaddy cert on SBS R2 Standard box ... I recently bought a ten year Turbo SSL cert, but I want to rebuild my server ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ... (microsoft.public.windows.server.sbs) RE: Recovery agent for EFS, how can i get it done PLEASE HELP ... How are you requesting the Cert? ... > enterprise admins still cant request cert everytime i request i get this ... > The certificate cannot be installed because of one or more of the following ... >>> Recovery and cannot be added as a recovery agent. ... (microsoft.public.windows.server.active_directory) RE: Wireless connection problem from XP Pro SP2 to SBS 2003 ... I go to request a certificate. ... I went ahead and requested a User cert, ... This computer can connect to other wireless networks without problems. ... (microsoft.public.windows.server.sbs) Re: Certificate Renewal questions ... In the case of request with same key you have the option of selecting ... Advanced page where you can choose a different certificate template whereas ... for renew with same key you cannot choose the template. ... (microsoft.public.platformsdk.security) Re: Unable to install Godaddy cert on SBS R2 Standard box ... That is was why I started to install the Turbo cert. ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ... (microsoft.public.windows.server.sbs)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint