Microsoft CA certificate templates expires sooner than expected
By default ADCS is set to issue certs for a maximum of 2 years (regardless of template or request).
To change that just run the following two commands (modify as desired):
certutil -setreg CA\ValidityPeriod "Years"
certutil -setreg CA\ValidityPeriodUnits 10
Then restart certificate services:
net stop certsvc
net start certsvc
Related videos on Youtube
Tim Brigham
Updated on September 18, 2022Comments
-
Tim Brigham over 1 year
The certificates my Microsoft CA is generating do not match the time period indicated in the template used. How can I resolve this?
I recently created a new certificate template for use on my Linux boxes on my Microsoft CA (2008 R2 Enterprise). This template is approved for server and client authentication purposes with a validity period of 10 years - the expected lifetime of our Linux boxes - and the subject name supplied in the request. I have checked both the intermediate and offline CA - both have more than 10 years of life listed. The certificates are exactly two years.
Is there some kind of hard limit I'm hitting here?
-
ravi yarlagadda over 11 yearsWhat validity lifetime are they getting instead of 10 years?
-
-
Tim Brigham over 11 yearsUgh.. thanks. Did that on the offline CA but likely forgot it on the intermediate.