Why is the lifetime of this certificate so short by default? What are the implications of making it a lot longer? I would prefer not to have the certificate databse fill up with CA Exchange certificates.Thanks

This is a high value key pair used to encrypt private keys sent from the client to the serverThe lifetime is kept short to prevent determining the private key from the public key.I would not recommend changing it.to be blunt, no customer of ours has found that this certificate causes bloat on the CA database.For a CA, there would be 26 certificates a year (2 week validity period).Most have issued 100K+ of computer certificates, 100K+ of user certificates per year (1 year validity period)I think you are sweating the small stuff <G>Brian