Re: Root CA Certificate vs Client Cert Expiration

From: Griff (Griff_at_discussions.microsoft.com)
Date: 04/28/05


Date: Thu, 28 Apr 2005 12:58:12 -0700

Steven,

That was helpful. I am running 2003 standard. Let's say the president of the
company is locking email and files down with his cert. Will he be able to
access those protected items with a new cert if it is issued by the same CA?
I have found the client cert renewal process to be troublesome, so I am
interested in just issuing new ones after the old one expires. Is that an
option? I am just trying to avoid locking the company out of our reports
after the year is up....

"Steven L Umbach" wrote:

> First off a client certificate can never expire after a CA certificate so
> keep that in mind with your planning. For Windows 2000 and Windows 2003
> Standard version Certificate Authorities the certificates will need to be
> renewed manually which the users can do themselves if they have been trained
> to do such. An Enterprise CA that is installed on a Windows 2003 Enterprise
> Server can be configured to renew certificates automatically if you use
> version 2 templates [configurable copies of version 1 templates] and have
> enabled autoenrollment for users and/or computers via Group Policy. Windows
> 2000 does allow automatic request of "computer" certificates only via Group
> Policy. I am not sure offhand if they will be renewed if the computer
> certificate expires, though I tend to believe it will. You can also extend
> the life of most certificates up to two years by configuring the certificate
> template which can be done via configuration of version 2 templates or
> editing the registry for version 1 templates. -- Steve
>
>
> "Griff" <Griff@discussions.microsoft.com> wrote in message
> news:991E7558-988F-48BE-A907-4C8391F3E966@microsoft.com...
> > I have a very basic security question. If I set up a root CA for my domain
> > and begin handing out all kinds of certs that expire in a year. Do I have to
> > keep renewing those client certs every year or will they automatically pull
> > down a new one upon expiration?
> >
> > Or do I just need to assure that my Root Cert doesn't expire before being
> > renewed?
> >
> >
>
>
>
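
The expiry planning discussed in this thread, as an added example that is not part of either post: a PowerShell inventory of the current user's certificates that shows each certificate's expiry next to the expiry of its issuing CA. The 60-day warning threshold, the output column names and the status labels are assumptions chosen for illustration.

```powershell
# Added example: list personal certificates with their own expiry and the
# expiry of the issuing CA, so renewals can be planned before either lapses.
# Assumption: run in the session of the user whose certificates are checked.
$warnDays = 60          # constructed threshold; set to your renewal lead time
$now      = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert  = $_
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Only validity dates matter here, so revocation checking is skipped.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($cert)

    # Element 0 is the certificate itself; element 1, if present, is its issuer.
    $issuerNotAfter = $null
    if ($chain.ChainElements.Count -gt 1) {
        $issuerNotAfter = $chain.ChainElements[1].Certificate.NotAfter
    }

    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)

    # Classify the certificate first, then check whether the CA is the nearer deadline.
    $status = 'OK'
    if ($cert.NotAfter -lt $now) {
        $status = 'Expired'
    } elseif ($daysLeft -le $warnDays) {
        $status = 'RenewSoon'
    } elseif ($issuerNotAfter -and
              ($issuerNotAfter - $now).TotalDays -le $warnDays) {
        $status = 'IssuerExpiresSoon'
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        DaysLeft       = $daysLeft
        IssuerNotAfter = $issuerNotAfter
        Status         = $status
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```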


