
Increasing the validity period of an Active Directory certificate server and the renewal steps

2025-01-25 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

By default, the AD certificate server we install usually has a validity period of 5 years. How do you renew it after it expires? And what if you want to increase the validity period of the CA root certificate to 10, 20 or 50 years?

Let's take a look at how to do it.

First, back up the CA of the existing environment: open the Certificate Authority console and click "All Tasks" - "Back up CA".

Click Next.

Check "Private key and CA certificate" and "Certificate database and certificate database log", select the backup path, and click Next.

Enter a password and click Next.

The backup is complete.

Now we want to increase the validity period of the CA root certificate. To see the validity period of the existing CA root certificate, click Properties.

You can see that there is only one certificate, #0, which is valid for 10 years.

To increase the validity period of the CA root certificate to 50 years, create a file called CAPolicy.inf in the %SYSTEMROOT% directory with the following content:

[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=50

Run the following commands to set the maximum validity period of the certificate.

certutil -setreg CA\ValidityPeriodUnits 50

certutil -setreg CA\ValidityPeriod "Years"

Restart the certsvc service.

You can check the following registry key to see whether ValidityPeriodUnits has changed.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSrv\Configuration\

To start renewing the certificate, click "All Tasks" - "Renew CA Certificate".

The renewal process needs to stop the certificate service. Click Yes.

If you need to generate a new public and private key pair, choose Yes. Here I choose No, so the program keeps using the old key.

After the renewal is complete, look at the certificate properties: there is an extra certificate, #1, and the validity period has become 50 years.
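The same procedure as a PowerShell script, as an added example that is not part of the original article. It assumes an elevated session on the root CA, uses Backup-CARoleService and certutil -renewCert in place of the GUI wizards, and the parameter names, the Invoke-Certutil helper and the default backup path are hypothetical.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$BackupPath = 'C:\CABackup',  # hypothetical path; use protected storage
    [int]$Years = 50,                     # value used in the article
    [switch]$NewKey                       # omit to keep the old key pair, as the article does
)
$ErrorActionPreference = 'Stop'

# certutil is a native tool: its failures only show up in $LASTEXITCODE.
function Invoke-Certutil {
    certutil @args
    if ($LASTEXITCODE -ne 0) { throw "certutil $args failed with exit code $LASTEXITCODE" }
}

# 1. Back up the private key, CA certificate and database (Backup CA wizard).
$password = Read-Host -AsSecureString 'Backup password'
Backup-CARoleService -Path $BackupPath -Password $password

# 2. CAPolicy.inf sets the lifetime of the renewed CA certificate itself.
$inf = @"
[Version]
Signature="`$Windows NT`$"

[certsrv_server]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=$Years
"@
Set-Content -Path "$env:SystemRoot\CAPolicy.inf" -Value $inf -Encoding Ascii

# 3. Registry values cap the lifetime of certificates the CA issues.
Invoke-Certutil -setreg CA\ValidityPeriodUnits $Years
Invoke-Certutil -setreg CA\ValidityPeriod Years
Restart-Service certsvc

# 4. Confirm the change under Configuration\<CA name> ("Active" names the CA).
$cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSrv\Configuration'
$ca  = (Get-ItemProperty $cfg).Active
$reg = Get-ItemProperty (Join-Path $cfg $ca)
if ($reg.ValidityPeriodUnits -ne $Years -or $reg.ValidityPeriod -ne 'Years') {
    throw "Unexpected validity setting: $($reg.ValidityPeriodUnits) $($reg.ValidityPeriod)"
}

# 5. Renew the CA certificate, reusing the key unless -NewKey was given.
if ($NewKey) { Invoke-Certutil -renewCert } else { Invoke-Certutil -renewCert ReuseKeys }
Restart-Service certsvc
```

The backup folder holds the CA private key in a password-protected file, so move it off the server to access-controlled storage once the script finishes.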
