In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Normally, the AD certificate server we install is usually 5 years by default. How to renew it after expiration? What if you want to increase the validity of the CA root certificate to 10, 20, 50 years?
Let's take a look at how to do it.
First, we need to back up the CA of the existing environment, open the Certificate Authority, and click "all tasks"-"backup CA"
Click next!
Check "Private key and CA Certificate", "Certificate Database and Certificate Database Log", select the backup path, and next
Enter a password, next step
Backup completed
Now we want to increase the validity period of the CA root certificate. Take a look at the validity period of the existing CA root certificate, and click Properties.
You can see that there is only one certificate # 0, which is valid for 10 years.
Let's start to increase the validity period of the CA root certificate to 50 years, and create a file called CAPpolicy.inf in the% SYSTEMROOT% directory, as follows:
[Version]
Signature= "$Windows NT$"
[certsrv_server]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=50
Run the following command to set the maximum validity period of the certificate.
Certutil-setreg CA\ ValidityPeriodUnits 50
Certutil-setreg CA\ ValidityPeriod "Years"
Restart the certsvc service
You can check the following registry to see if ValidityPeriodUnits has changed.
HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ CertSrv\ Configuration\
To start renewing the certificate, click "all tasks"-"renew CA Certificate"
The renewal process needs to stop the certificate service. Click Yes.
If you need to generate a new public and private key pair, choose Yes, here I choose No, let the program still use the old key
After the renewal is completed, we look at the certificate properties and find that there is an extra certificate # 1, and the validity period has become 50 years.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 268
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.