Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA



On Sun, 20 May 2007 13:35:12 +0530, igor533 wrote:

Friends!
I have the MS CA on the stand-alone win2003 server. Of cause, it is a
stand-alone CA, it's a my RootCA
I need to use subCA. It's MS CA on the member of the domain, of cause ,
it's a Enterprice subordinate CA.
I need to sign his certificate in RootCA. But Root CA is a stand-alone,
and I can't cange expiration date for subCA. I recive cert for SubCA
only to 1 year.
How I can do it for 5 year?

You need to read the Best Practices white paper available at
www.microsoft.com/pki

The two registry values that need to be updated are ValidityPeriod and
ValidityPeriodUnits. Please see the whitepaper for the syntax of the
certutil command and the values to use.

Brian
.



Relevant Pages

  • Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA
    ... I have the MS CA on the stand-alone win2003 server. ... I need to use subCA. ... I need to sign his certificate in RootCA. ...
    (microsoft.public.windows.server.security)
  • Re: "unpuiblish" a certutil -dspublish d ca
    ... While following Brian Komar's 2003 PKI reference, ... the SubCA versus RootCA. ... CA certificate to the Certification Authorities *and* ... When you use -dspublish with SubCA, ...
    (microsoft.public.security)
  • Re: Certificate services
    ... Company uses AD consisting of two DCs ... with RootCA and SubCA. ... RootCA with 3rd Party CA, ...
    (microsoft.public.windows.server.active_directory)