Professional Documents
Culture Documents
[Version]
[PolicyStatementExtension]
Policies = AllIssuancePolicy
Critical = FALSE
[AllIssuancePolicy]
OID = 2.5.29.32.0
[Certsrv_Server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
Note:- CA validity period and CA renewal validity period should be same such we select 10 years
Step3:
Restart CA service by below command, If you don’t want to renew Certificate Key.
If you want to renew key then don’t restart CA service and follow step4 for generate certificate
Step4:
1. To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools,
and then double-click Certification Authority.
2. In the console tree, click the name of the certification authority (CA)> Select Certification
Authority (Computer)/CA name
3. On the Action menu, point to All Tasks, and click Renew CA Certificate.
4. Do one of the following:
a. If you want to generate a new public and private key pair for the certification authority’s
certificate, click Yes.
b. If you want to reuse the current public and private key pair for the certification authority’s
certificate, click No.
5. Right Click Certification Authority (Computer)/CA name, Click Property> Click General Tab>Select
Certificate #1>View Certificate>Check Expiry date as above mentioned CAPolicy.inf
Step5:
After generating the new root CA certificate copy it to AIA URL so that client can download it for
verification.
Step1:
[Version]
[PolicyStatementExtension]
Policies = AllIssuancePolicy
Critical = FALSE
[AllIssuancePolicy]
OID = 2.5.29.32.0
[Certsrv_Server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=5
Step4:
Restart CA service by below command, If you don’t want to renew Certificate Key.
If you want to renew key then don’t restart CA service and follow step4 for generate certificate
Step4:
1. To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools,
and then double-click Certification Authority.
2. In the console tree, click the name of the certification authority (CA)> Select Certification
Authority (Computer)/CA name
3. On the Action menu, point to All Tasks, and click Renew CA Certificate.
4. Do one of the following:
a. If you want to generate a new public and private key pair for the certification authority’s
certificate, click Yes.
b. If you want to reuse the current public and private key pair for the certification authority’s
certificate, click No.
5. If a parent CA is available online
a. Click Send the request directly to a CA already on the network.
b. In Computer Name, type the name of the computer on which the parent CA is installed.
c. In Parent CA, click the name of the parent CA.
6. If a Root CA is Offline or not a member of domain
a. Click Save the request to a file.
b. In Request file, type the path and file name of the file that will store the request.
c. Obtain this subordinate CA’s certificate from the root CA.
7. Open Certification Authority>click the name of the CA. Certification Authority (Computer)/CA
name
8. On the Action menu, point to All Tasks, and then click Install CA Certificate.
9. Locate the certificate file received from the parent certification authority, click this file, and
then click Open.
10. Right Click Certification Authority (Computer)/CA name, Click Property> Click General Tab>Select
Certificate #1>View Certificate>Check Expiry date as above mentioned CAPolicy.inf