Re: Renew Certificate with Same Key from Standalone Root CA

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 02/21/03

• Next message: Don Grover: "Re: good firewall for win2k pro"
• Previous message: David Cross [MS]: "Re: Remove certificate from 'Enterprise Trust' store"
• In reply to: Mike Sparkes: "Renew Certificate with Same Key from Standalone Root CA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Thu, 20 Feb 2003 20:55:39 -0800

renewal will always give you a new cert - the only difference is whether you
will generate a new key or not. In general, you should always use new keys.

The issue of accessing old files is orthogonal and not related to
certificate renewal. If you are using EFS, you can still decrypt with
expired certs.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Mike Sparkes" <mikesparkes@quadlogic.co.uk> wrote in message
news:017201c2d7fc$52160360$2f01280a@phx.gbl...
> Hi
>
> I know how you feel...
>
> It's not possible with a stand alone CA to use MMC.
> We've tried changing to an enterprise CA and then renewed
> with the same key, but still can't access the old files.
>
> With a stand alone CA you need to use the Web Enrollment
> Pages or create your own program (See Platform SDK).
> Your supposed to paste a PKCS7 file into the Submit a
> saved request page, but it always creates a new
> certificate.
>
> Sorry no answers yet, I'm still working on it.
> It's driving me mad!
>
> Mike
>
> >-----Original Message-----
> >Hi,
> >
> >Bare with me...
> >
> >I have installed a Standalone Root Certificate on a
> >Win2000 Server, requested a certificate using
> >the "http://>/certsrv/" webpage (Submit a
> >certificate request to this CA using a form).
> >
> >After that I Issued this certificate from the "Pending
> >request"-container. Then I added this certificate to a
> >service user in Active Directory (Under User -->
> >Properties --> Published Certificates).
> >
> >This certificate is now getting close to it's expiration
> >date, and I need to extend it. I have tried "Renew
> >certificate with same key" which gives me the following
> >error: This certificate cannot be renewed because it
> does
> >not contain enough information to generate a renewal
> >request. Please request a new certificate."
> >
> >Why is this not possible? I need to use the same private
> >key for the certificate to access previously stored and
> >encrypted information.
> >
> >The story continues...
> >
> >I then tried to "request certificate with the same key".
> >This gives me the error: "Windows cannot find a
> >certificate authority that will process the request."
> >
> >I know that this certificate is fully functional (at
> least
> >for a few more weekes), and the certificate authority is
> >running on the same server.
> >
> >Are these problems common to Standalone CS's? There must
> >be a way to prevent this certificate from expiring...
> >
> >Please help!
> >
> >Best regards,
> >
> >Sindre
> >.
> >

• Next message: Don Grover: "Re: good firewall for win2k pro"
• Previous message: David Cross [MS]: "Re: Remove certificate from 'Enterprise Trust' store"
• In reply to: Mike Sparkes: "Renew Certificate with Same Key from Standalone Root CA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Unable to install Godaddy cert on SBS R2 Standard box ... I recently bought a ten year Turbo SSL cert, but I want to rebuild my server ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ... (microsoft.public.windows.server.sbs) RE: Recovery agent for EFS, how can i get it done PLEASE HELP ... How are you requesting the Cert? ... > enterprise admins still cant request cert everytime i request i get this ... > The certificate cannot be installed because of one or more of the following ... >>> Recovery and cannot be added as a recovery agent. ... (microsoft.public.windows.server.active_directory) RE: Wireless connection problem from XP Pro SP2 to SBS 2003 ... I go to request a certificate. ... I went ahead and requested a User cert, ... This computer can connect to other wireless networks without problems. ... (microsoft.public.windows.server.sbs) Re: Unable to install Godaddy cert on SBS R2 Standard box ... That is was why I started to install the Turbo cert. ... "Please create a new request,and request for a new certificate from ... Godaddy(issue a new certificate),then install the new certificate. ... (microsoft.public.windows.server.sbs) Re: Computer and User Certificates Issues ... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint