In my lab, I installed a cert from our local CA on the 2007 CAS (sp1). The template I used was set for a validity period of five years. After installing on the CAS, the validity only showed as three years. Is there a validity period limitation within Exchange 2007? Thanks

Well, assuming the template is correct, the validity cant be longer than the expiration of the root CA itself. This isnt an Exchange issue however.

On Tue, 27 Apr 2010 00:28:10 +0000, akg414s wrote: >In my lab, I installed a cert from our local CA on the 2007 CAS (sp1). The template I used was set for a validity period of five years. After installing on the CAS, the validity only showed as three years. Is there a validity period limitation within Exchange 2007? Nope. But there could be a policy on your CA that limits the lifetime of the cert. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

After looking at the actual certificate, it appears that the certs were being generated from our CA with a 3 year validity period, not being restricted by Exchange. It was a simple registry fix. Using: certutil -setreg ca\ValidityPeriod "Years" certutil -setreg ca\ValidityPeriodUnits "5"