The default lifetime for a certificate issued by a Windows 2000 Certificate Authority (CA) is two years, after which the certificate is not trusted for use.
If you have an Enterprise CA, the validity period is hard coded into the template that created the certificate and can not be changed.
For certificates issued by a Standalone CA, or a Subordinate CA, you can modify the expiration:
1. Use Regedt32 to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSrv\Configuration\<CAname>.
2. Double-click the ValidityPeriod value name, a string (REG_SZ) data type, and set the data value to one of the following:
Days Weeks Months Years3. Double-click the ValidityPeriodUnits value name, a REG_DWORD data type, and change the number, using the Decimal Radix.
4. Stop and restart the Certificate Services.