JSI Tip 3945. How do I change the expiration date of certificates issued by a Windows 2000 Certificate Authority?


The default lifetime for a certificate issued by a Windows 2000 Certificate Authority (CA) is two years, after which the certificate is not trusted for use.

If you have an Enterprise CA, the validity period is hard coded into the template that created the certificate and can not be changed.

For certificates issued by a Standalone CA, or a Subordinate CA, you can modify the expiration:

1. Use Regedt32 to navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSrv\Configuration\<CAname>.

2. Double-click the ValidityPeriod value name, a string (REG_SZ) data type, and set the data value to one of the following:

   Days
   Weeks
   Months
   Years
3. Double-click the ValidityPeriodUnits value name, a REG_DWORD data type, and change the number, using the Decimal Radix.

4. Stop and restart the Certificate Services.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish