Domain controller certificate updated itself before expiration date? Why?
Hello, we have a 4 domain controller environment, 2x 2k3 and 2x 2k8 machines, and have quite a few Tomcat applications that connect to AD using LDAPS. We have the domain controller certificates installed in the key store on the Tomcat applications. A week ago the domain controller certificate on the 2k3 machines created a new one and installed itself. This occurred 5 weeks before the certificate that was supposed to be used was set to expire, and the domain controllers were not rebooted, which in the past (before we added the 2k8 machines) was what we had to do to make the domain controllers start issuing the new certs even after the certificate expiration. Yesterday one of the 2k8 machines had a new cert issued and installed it without a restart, 41 days before its current cert was going to expire. Someone please help me understand this madness. Thanks, Chris
October 8th, 2012 12:10am

Hi crofrog, Windows has a feature called auto-enrollment, which is also an auto-renew. By default it happens 6 weeks before the certificate expires. If you use the certificate template "Domain Controller" you cannot change it; if you use the template "Domain Controller Authentication" you can change it, e.g. from 6 weeks to 1 week, if this helps you. Regards, Lutz
October 8th, 2012 12:39am
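
A monitoring check for the situation in this thread, added here as an example and not code from either poster: it compares the certificate pinned in an application's key store with the one each domain controller currently presents on LDAPS, and flags pinned certificates that have entered the renewal window. The 6-week window is the figure given in the answer above; the function names, host names, dates and certificate bytes are constructed for illustration.

```python
import hashlib
import ssl
from datetime import datetime, timedelta

# Renewal lead time as stated in the answer above (default: 6 weeks).
RENEWAL_WINDOW = timedelta(weeks=6)


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_presented_der(host: str, port: int = 636) -> bytes:
    """Fetch the certificate a DC currently presents on LDAPS (needs network)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def classify(pinned_fp: str, pinned_not_after: datetime,
             presented_fp: str, now: datetime) -> str:
    """Compare the cert pinned in the key store with the one the DC presents."""
    if presented_fp != pinned_fp:
        # The DC has already swapped certificates; a key store that trusts
        # only the old leaf certificate will reject the LDAPS handshake.
        return "DRIFT"
    if now >= pinned_not_after - RENEWAL_WINDOW:
        # Auto-enrollment may replace the cert at any time from here on.
        return "RENEWAL_WINDOW_OPEN"
    return "OK"


def audit(inventory, presented, now):
    """inventory: host -> (pinned fingerprint, notAfter); presented: host -> fingerprint."""
    return {host: classify(fp, not_after, presented[host], now)
            for host, (fp, not_after) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample data: host names, dates and certificate bytes are made up.
    old = sha256_fingerprint(b"constructed-old-cert")
    new = sha256_fingerprint(b"constructed-new-cert")
    inventory = {
        "dc1.example.test": (old, datetime(2012, 11, 12)),  # DC already renewed
        "dc2.example.test": (old, datetime(2012, 11, 18)),  # 41 days left
        "dc3.example.test": (old, datetime(2013, 6, 1)),
    }
    presented = {"dc1.example.test": new, "dc2.example.test": old, "dc3.example.test": old}
    for host, status in audit(inventory, presented, datetime(2012, 10, 8)).items():
        print(host, status)
```

In live use, `presented` would be filled with `sha256_fingerprint(fetch_presented_der(host))` for each domain controller, and `inventory` from the certificates exported from the application's key store.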
