Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Change the certificate validity period from the default of one year


View products that this article applies to.

Summary

Certificate Services in Windows Server 2003 and in Windows 2000 Server

For Microsoft Windows Server 2003 or for Microsoft Windows 2000 Server, the validity period for the Root certification authority (CA) certificate in Certificate Services is configured during the Setup process for Certificate Services. The following certificates are valid for up to five years. However, these certificates are never valid longer than the Root CA certificate is valid.
  • Subordinate CA
  • Internet Protocol Security
  • Enrollment Agent
  • Domain Controller
All other certificates are valid for up to one year. However, they are never valid longer than the Root CA certificate is valid.

Microsoft Certificate Server 1.0

By default, certificates that Microsoft Certificate Server 1.0 issues are valid for one year. The validity period of a root Microsoft Certificate Server CA certificate is five years for Certificate Server 1.0. The validity period of a non-root Microsoft Certificate Server CA certificate is controlled by the issuing CA. Certificates that your Certificate Server issues will expire no later than the same time that your CA certificate expires.

For example, if there are only two years left on your CA certificate, issued certificates will be valid for no more than two years, even if you set the registry to issue five-year certificates.

↑ Back to the top


References

For more information about how to change the expiration date of certificates that are issued by a Windows Server 2003 CA or by a Windows 2000 Server CA, click the following article number to view the article in the Microsoft Knowledge Base:
254632 How to change the expiration date of certificates that are issued by a Windows Server 2003 or a Windows 2000 Server certificate authority

↑ Back to the top


Keywords: KB239539, kbhowto

↑ Back to the top

Article Info
Article ID : 239539
Revision : 7
Created on : 7/7/2008
Published on : 7/7/2008
Exists online : False
Views : 621