Certificate Template Validity Periods - Able to override the minimum?
Hello All,
We are deploying non-exportable Client Authentication certificates to our users for remote access. One use case we still need to address is the situation where a user is remote and didn't receive their certificate for some reason.
What I'd like to do is provide a second certificate template for the Help Desk that
is exportable, but has an extremely short validity period (such as 1 hour). The Help Desk would wrap the cert in a password-protected PFX, deliver it to the customer with instructions for importing it, and then, as soon as the customer
is on the network, instruct them to install the package which deploys them a "real" cert.
That's more information than you really need. My question is around setting the validity period in the certificate template. Using the certtmpl.msc GUI doesn't allow me to set a validity period on a template shorter than 2 days. I'm wondering
if anyone has encountered something like this before, and if they've found a backdoor for setting a shorter validity period than that.
If it's not possible, can anyone explain why there is a technical limitation which disallows a cert from being valid for less than 2 days?
May 21st, 2010 11:22am
I have tried and was able to set 1 hour for certificate validity period.http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2010 2:44pm
How did you do it? Through the cert template GUI? I don't even see "Hours" as a selectable time unit...
May 21st, 2010 3:18pm
Through Certificate Templates MMC snap-in on my Windows 7 box (with RSAT).http://www.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2010 4:03pm
Hi all, I'm too interested about this issue. I cant to change the minimum time (in my case two days) . Anybody knows how to repare this issue?
Thanks in advance.
October 18th, 2012 5:15am