Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA



On Sun, 20 May 2007 13:35:12 +0530, igor533 wrote:

Friends!
I have the MS CA on the stand-alone win2003 server. Of cause, it is a
stand-alone CA, it's a my RootCA
I need to use subCA. It's MS CA on the member of the domain, of cause ,
it's a Enterprice subordinate CA.
I need to sign his certificate in RootCA. But Root CA is a stand-alone,
and I can't cange expiration date for subCA. I recive cert for SubCA
only to 1 year.
How I can do it for 5 year?

You need to read the Best Practices white paper available at
www.microsoft.com/pki

The two registry values that need to be updated are ValidityPeriod and
ValidityPeriodUnits. Please see the whitepaper for the syntax of the
certutil command and the values to use.

Brian
.