Change the Expiry period for the CA/Local Certificate in Windows Server 2003

  • Question

  • Hi Sir/Madam,

    I tried to generate the private key file (.csr), and I submitted it to the Cert Server of Windows Standard Server 2003 (32-bit), which is at http://127.0.0.1/certsrv, to produce the local certificate (Base 64 encoded) with a 1-year certificate license. The local certificate works with a Fortigate firewall for VPN, and that is successful. But the problem is that the certificate is only valid for 1 year, and I want to extend it to 5-10 years. I searched websites and forums, and they told me to modify the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName> on Windows Standard Server 2003, changing ValidityPeriod to "Years" and ValidityPeriodUnits to "10" (to apply to my case), and finally to stop and start Certificate Services again. But it does not work: when I generate the certificate again, it is still valid for only 1 year. Are there any procedures that I am missing, or any other methods I can use? Thanks to all of you.

    Alan

    November 24, 2012, 3:58 AM

Answer

  • Hi,

    Since you are working with Windows Server 2003, Standard Edition, you are limited to using only version 1 certificate templates. Most of these are hard-coded with a 1-year validity period. To use custom validity periods, you must implement version 2 certificate templates. These are only available in the Enterprise edition of Windows Server 2003 (same story for Windows Server 2008).

    You can only issue certificates based on custom version 2 (or version 3) certificate templates in standard edition starting with Windows Server 2008 R2.

    Hope it helps.


    Microsoft One-Stop Sample Script Library: http://blogs.technet.com/b/onescript

    November 26, 2012, 8:32 AM
    Moderator