Re: Validity period of certificates is not accepted anymore
From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 11/25/04
- Next message: David Cross [MS]: "Re: How to use my own algrithum in S/MIME of Outlook Express?"
- Previous message: Andrew White: "Access to ephemeral PEAP keys from IAS plugin"
- In reply to: Sebastian Rieger: "Validity period of certificates is not accepted anymore"
- Next in thread: Sebastian Rieger: "Re: Validity period of certificates is not accepted anymore"
- Reply: Sebastian Rieger: "Re: Validity period of certificates is not accepted anymore"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Nov 2004 05:13:12 -0800
The CA policy module will always truncate the validity of an issued cert to
be within the lifetime of its own validity period. You must renew the CA
with a longer lifetime to avoid this.
-- David B. Cross [MS] -- This posting is provided "AS IS" with no warranties, and confers no rights. Top Whitepapers: Auto-enrollment whitepaper: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx Best Practices for implementing Windows Server 2003 PKI: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx Troubleshooting Certificate Status and Revocation whitepaper: http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx Windows Server 2003 web enrollment and troubleshooting guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx Windows Server 2003 web enrollment and troubleshooting guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx "Sebastian Rieger" <sebastian.rieger@gwdg.de> wrote in message news:OQHm5Vk0EHA.2600@TK2MSFTNGP09.phx.gbl... > Hi All, > > we're using microsoft windows certificate services to deploy certificates > to our customers. Using a Windows 2003 Enterprise Edition Server we were > able to use certificate templates to map the current needs of our users to > certificates. The policy module complained about the validity period of > the certificate being to long from the begining of the ca usage, but > accepted the request (reducing the validity period of the certificate to > the end of life of our ca certificate). Today the policy modules suddenly > refused the certificates complaining about the validity period of the > certificate. Our ca certificate is valid up to May 2005 - can we solve > this problem without renweing our ca certificate? can the limit be > increased via registry, or do we need to code our own policy module. > > Thanks in advance, > > Sebastian Rieger
- Next message: David Cross [MS]: "Re: How to use my own algrithum in S/MIME of Outlook Express?"
- Previous message: Andrew White: "Access to ephemeral PEAP keys from IAS plugin"
- In reply to: Sebastian Rieger: "Validity period of certificates is not accepted anymore"
- Next in thread: Sebastian Rieger: "Re: Validity period of certificates is not accepted anymore"
- Reply: Sebastian Rieger: "Re: Validity period of certificates is not accepted anymore"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
