Active Directory Certificate Services increase web server template validity period
Hello,

We've got a Microsoft PKI infrastructure on our 2008 R2 domain, with a root CA and an issuing CA, and a handful of cert templates. We've previously used the default "Web Server" template for all of our web server certs, but we'd like to change the validity period on all new certs from 2 years to 5 years. I know that I can't modify the default "Web Server" template, so I have two questions:

1. If we create a new certificate template, say called "Web Server 5 Years", and change it to a 5-year validity period, how do we tell new web servers to request their new certs based on the new certificate template instead of the old "Web Server" template? We normally issue certs for web servers by clicking "New Domain Certificate..." in IIS on the web server, but there's nowhere in that wizard to select which template we want to use...

2. Is there any way to renew the existing web server certs out there to the new template instead of the old (2-year) template? I suspect the answer is no, but we want this to be as seamless as possible, and the fact that we can't modify the default "Web Server" template is really causing us issues here...

Thanks in advance for any help on this.

Regards,
Jon Heese
September 6th, 2012 2:25pm

1. You cannot click the new Domain Certificate option, you will have to either generate a CSR (the other button) or use the Certificates MMC focused on the Computer and create a V2 certificate template that allows the Web Server Read and Enroll permissions. Afterwards, you would still have to define the certificate in the Bindings of the Web server.

2. Everyone has to deal with this issue. If you are really having troubles, look at a third-party product like Venafi to manage your SSL certs.

Brian
September 6th, 2012 5:33pm
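
The CSR route described in the reply above, scripted with certreq on the web server, as an added example that is not part of the original thread. The template name `WebServer5Years` (the template's short name, not its display name), the CA config string and the subject are assumed placeholders; the computer account needs Read and Enroll on the template.

```powershell
# Added example: run elevated on the web server. Values marked "assumed" are placeholders.
$template = 'WebServer5Years'                            # assumed template short name
$caConfig = 'issuingca.example.com\Example Issuing CA'   # assumed "host\CA name"
$fqdn     = 'www.example.com'                            # assumed site name
$work     = Join-Path $env:TEMP 'webcert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Request policy file read by "certreq -new". The [RequestAttributes] section
# is what selects the template, which the IIS domain-certificate wizard cannot do.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $template
"@
Set-Content -Path "$work\request.inf" -Value $inf -Encoding ASCII

function Invoke-CertReq {
    param([string[]]$Arguments)
    & certreq.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "certreq $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

# 1) Build the key pair and PKCS#10 request, 2) submit it to the issuing CA,
# 3) install the issued certificate against the pending request.
Invoke-CertReq @('-new', "$work\request.inf", "$work\request.req")
Invoke-CertReq @('-submit', '-config', $caConfig, "$work\request.req", "$work\cert.cer")
Invoke-CertReq @('-accept', "$work\cert.cer")

# Check the lifetime that was actually issued before binding the cert in IIS.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$fqdn" } |
    Select-Object Subject, NotBefore, NotAfter, Thumbprint
```

The installed certificate then appears in the IIS Bindings dialog for the site. If `NotAfter` is still short of five years, compare it with the issuing CA's own limit (`certutil -getreg CA\ValidityPeriodUnits`) and the CA certificate's expiry, since the CA issues the shortest of the three.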


This topic is archived. No further replies will be accepted.
