Changing minimum key size of EFS policy
We have an EFS template in place which is currently set to a minimum key size of 1024. If we want to increase this to 2048 what are the correct steps to do this and what is potential impact ? both for new certificate requests and certs which
have already been issued ?
It's a 2008 R2 domain but with majority windows XP clients.
May 14th, 2012 7:49am
Hi,
You can do this by simply modifying CApolicy.inf and then performing a renewal with a new key pair.
For details:
How to change root certificate key's length and validity period
http://social.technet.microsoft.com/forums/en-us/winserversecurity/thread/CE001D8F-C722-4429-83CB-328B92876292
Hope this helps!
Best Regards
Elytis Cheng
TechNet Subscriber Support
If you are
TechNet Subscription user and have any
feedback on our support quality, please send your feedback here.
Elytis Cheng
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2012 10:44pm
Thanks Elytis. Are there any clients which changing from 1024 to 2048 would be a problem for ?
May 15th, 2012 4:07am
Hi,
As far as I know, there is not.
Best Regards
Elytis ChengElytis Cheng
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 4:32am
thanks Elytis.
May 15th, 2012 8:27am