There are a few resources you may want to look at for your situation:
Some scripts to automate configurations on your PKI server setup, including
validity length
http://technet2.microsoft.com/WindowsServer/en/library/091cda67-79ec-481d-8a96-03e0be7374ed1033.mspx?mfr=true
Also, from the documentation at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx:
1. If required, specify a new key size in CAPolicy.inf.
2. Renew the CA certificate. (See the procedure in the product documentation.)
3. Publish the new CA certificate to:
• The Active Directory Trusted Certification Authorities store
• The Web server AIA publishing point
• The Trusted Root Certification Authorities local store on each of the
Intermediate CAs
See Publishing the Offline Root CA.
4. Issue a new CRL from the root CA and publish it to the Web server CDP
publishing point.
5. If you have not updated your intermediate CAs to Windows Server 2003
Service Pack 1, you need to publish the root CA CRLs to the local certificate
store of the intermediate CA(s). See Publishing CRLs of the Root CA to the
Offline Intermediate CAs.
Using the two, essentially configure the length, and then go through the
renewal process.
--
Wayne Anderson
http://blog.avanadeadvisor.com/blogs/waynea/
Post by Brian Komar
Post by boon
Hi,
I want to shorten the period. Every time I renewed, it increased the period.
Regards
Post by Brian Komar
Post by boon
Hi,
During installation for our Windows 2003 Server's certificate authority, we
have generated the root certificate's valid period till 2086. Is there any way
we can reduce the period or re-issue the root certificate to a shorter period?
Thanks in advance.
You can renew the certificate, designating the new
validity period and key length (if required) in the
capolicy.inf file.
See the Best Practices whitepaper for details at
www.microsoft.com/pki
Brian
Did you read the whitepaper?
The details for a root CA are in the best practices
Brian
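
An added example, not part of the thread or of Microsoft's documentation: a Python check to run over CAPolicy.inf before the renewal step quoted in the first reply, confirming that the renewal validity settings sit in the `[certsrv_server]` section and stay under a ceiling. The sample file contents, the `check_renewal_policy` name, the recognised unit list and the 20-year ceiling are assumptions made for illustration.

```python
import configparser

# Constructed sample CAPolicy.inf (not from the thread). Section and key names
# are the CAPolicy.inf renewal settings; the values are illustrative only.
SAMPLE_INF = '''\
[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
'''

# Units this example recognises (an assumption), as approximate day counts.
DAYS_PER_UNIT = {"days": 1, "weeks": 7, "months": 30, "years": 365}

def check_renewal_policy(inf_text, max_years=20):
    """Return (approx_days, problems); approx_days is None if a setting is missing or malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(inf_text)
    # INF section names are case-insensitive; configparser's are not.
    sections = {name.lower(): cp[name] for name in cp.sections()}
    problems = []
    signature = (sections.get("version", {}).get("signature") or "").strip('"')
    if signature != "$Windows NT$":
        problems.append('[Version] Signature="$Windows NT$" is missing')
    server = sections.get("certsrv_server")
    if server is None:
        return None, problems + ["no [certsrv_server] section"]
    unit = (server.get("RenewalValidityPeriod") or "").strip().lower()
    count = (server.get("RenewalValidityPeriodUnits") or "").strip()
    if unit not in DAYS_PER_UNIT:
        problems.append(f"RenewalValidityPeriod is {unit!r}, expected one of {sorted(DAYS_PER_UNIT)}")
    if not count.isdecimal() or int(count) == 0:
        problems.append(f"RenewalValidityPeriodUnits is {count!r}, expected a positive integer")
    if problems:
        return None, problems
    days = int(count) * DAYS_PER_UNIT[unit]
    if days > max_years * 365:  # max_years is a hypothetical policy ceiling
        problems.append(f"renewal validity ~{days} days exceeds {max_years}-year ceiling")
    return days, problems

if __name__ == "__main__":
    print(check_renewal_policy(SAMPLE_INF))
```

An empty problem list means the file carries a usable renewal validity; after renewing, confirm the NotAfter date on the new root certificate itself.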