Change the certificate validity period from the default of one year

Certificate Services in Windows Server 2003 and in Windows 2000 Server

For Microsoft Windows Server 2003 or for Microsoft Windows 2000 Server, the validity period for the Root certification authority (CA) certificate in Certificate Services is configured during the Setup process for Certificate Services. The following certificates are valid for up to five years. However, these certificates are never valid longer than the Root CA certificate is valid.

• Subordinate CA
• Internet Protocol Security
• Enrollment Agent
• Domain Controller

All other certificates are valid for up to one year. However, they are never valid longer than the Root CA certificate is valid.

Microsoft Certificate Server 1.0

By default, certificates that Microsoft Certificate Server 1.0 issues are valid for one year. The validity period of a root Microsoft Certificate Server CA certificate is five years for Certificate Server 1.0. The validity period of a non-root Microsoft Certificate Server CA certificate is controlled by the issuing CA. Certificates that your Certificate Server issues will expire no later than the same time that your CA certificate expires.

For example, if there are only two years left on your CA certificate, issued certificates will be valid for no more than two years, even if you set the registry to issue five-year certificates.

For more information about how to change the expiration date of certificates that are issued by a Windows Server 2003 CA or by a Windows 2000 Server CA, click the following article number to view the article in the Microsoft Knowledge Base: