Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA

From: Brian Komar <bkomarr@xxxxxxxxxxxxxxxxx>
Date: Mon, 21 May 2007 09:45:54 -0500

On Sun, 20 May 2007 13:35:12 +0530, igor533 wrote:

Friends!
I have the MS CA on the stand-alone win2003 server. Of cause, it is a
stand-alone CA, it's a my RootCA
I need to use subCA. It's MS CA on the member of the domain, of cause ,
it's a Enterprice subordinate CA.
I need to sign his certificate in RootCA. But Root CA is a stand-alone,
and I can't cange expiration date for subCA. I recive cert for SubCA
only to 1 year.
How I can do it for 5 year?

You need to read the Best Practices white paper available at
www.microsoft.com/pki

The two registry values that need to be updated are ValidityPeriod and
ValidityPeriodUnits. Please see the whitepaper for the syntax of the
certutil command and the values to use.

Brian
.

References:
- Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA
  - From: igor533

Prev by Date: which ip scheme i have to prefer?
Next by Date: Re: Windows 2003 Pre-authentication failed
Previous by thread: Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA
Next by thread: Disallowing console login
Index(es):
- Date
- Thread

Relevant Pages

Re: Certificate chain issue with Ent Sub Ca & stand alone Root CA
... I have the MS CA on the stand-alone win2003 server. ... I need to use subCA. ... I need to sign his certificate in RootCA. ...
(microsoft.public.windows.server.security)
Re: "unpuiblish" a certutil -dspublish d ca
... While following Brian Komar's 2003 PKI reference, ... the SubCA versus RootCA. ... CA certificate to the Certification Authorities *and* ... When you use -dspublish with SubCA, ...
(microsoft.public.security)
Re: Certificate services
... Company uses AD consisting of two DCs ... with RootCA and SubCA. ... RootCA with 3rd Party CA, ...
(microsoft.public.windows.server.active_directory)