Re: Certificate Renewal Issues

From: Griff (Griff_at_discussions.microsoft.com)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 05:41:04 -0800

I also wnated to ask when and where do I lengthen the key to extend the life
of the cert.? Can I do this after the PKI infrastructure is in place? If I
have just used the PKI to deploy test certs, are there any ramifications in
removing the certificate services and starting over? I have less than a week
left to deploy this thing, and if it is wrong or bites me later down the road
than it is bye bye for me..so I really appreciate any help.....

"Steven L Umbach" wrote:

> If you renew the certificate with new private key they will only be able to
> open the old archived massages with the old certificate/private key that was
> used to create them. You can renew a certificate with the same private key
> if you want and it suits your security requirements. In general if you
> create the certificate with a longer key length, and all else being equal,
> you can use it for a longer period of time either by extending the
> expiration date and/or renewing it with the same private key. Also make sure
> that these users have exported their certificates/privates keys to a
> password protected .pfx file for safe keeping including offsite. --- Steve
>
>
>
> "Griff" <Griff@discussions.microsoft.com> wrote in message
> news:F50AE3BD-7DBF-4E74-87E4-EC5D1111A5A0@microsoft.com...
> >I am going to be implementing Enterprise and Subordinate CA's to encrypt
> > executive email. We archive everything and I wanted to know what happens
> > when
> > their certs expire and they are issued new ones. Will they not be able to
> > get
> > into the archived messages. What are the ramifications of not handling
> > this
> > right? Any help or advice would be great. Thanks
>
>
>

Relevant Pages