AlanW.
2010-01-06 16:58:16 UTC
We have recently implemented a two tier Certificate Authority
infrastructure.
Our Root Certificate has a validity period of 20 years. This is what
we wanted.
I am now in the process of trying to generate our Subordinate CA
Certificate. The validity period, I believe, is being pulled from the
Certificate Template on the Root CA, and is generating a validity
period of 5 years. I cannot seem to find a way to change this.
I have tried tinkering with the CAPolicy.inf file, but the settings
seem to be ignored.
Our current CAPolicy.inf file is located at C:\Windows on both our
root and Subordinate CA.
The contents are below:
[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
[CRLDistributionPoint]
[AuthorityInformationAccess]
All I need the Policy to do is extend the validity period of our
Subordinate CA certificate from 5 to 20 (or even 15 or 10) years.
I do not seem to be having much success with this.
Thanks for any assistance.
infrastructure.
Our Root Certificate has a validity period of 20 years. This is what
we wanted.
I am now in the process of trying to generate our Subordinate CA
Certificate. The validity period, I believe, is being pulled from the
Certificate Template on the Root CA, and is generating a validity
period of 5 years. I cannot seem to find a way to change this.
I have tried tinkering with the CAPolicy.inf file, but the settings
seem to be ignored.
Our current CAPolicy.inf file is located at C:\Windows on both our
root and Subordinate CA.
The contents are below:
[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
[CRLDistributionPoint]
[AuthorityInformationAccess]
All I need the Policy to do is extend the validity period of our
Subordinate CA certificate from 5 to 20 (or even 15 or 10) years.
I do not seem to be having much success with this.
Thanks for any assistance.