How do you renew certificates issued by Standalone CA
CA Server is Windows Server 2008 in Standalone mode, clients are both Windows XP and Windows Vista. How do you renew expiring certificates when your CA is a standalone CA? Any attempts in the MMC snap-ins come back with "request contains No Certificate Template info", which makes sense because Standalone CAs do not use templates. So how do you renew a certificate? Or specifically, how do you create a certificate request for renewal using command-line tools, which I'm guessing is the only option? Any help appreciated.
May 19th, 2009 11:37pm

Hi, Thank you for your post. To renew a certificate against Standalone CA, we can use the certreq utility:
1. Create a file named request.inf with the following contents:
    [Version]
    Signature= $Windows NT$
    [NewRequest]
    RenewalCert= Thumbprint attribute of the certificate
2. Open a command prompt, change to the directory where the file request.inf is located.
3. Type the following command, and then press ENTER:
    certreq -new request.inf certnew.req
4. Type the following command, and then press ENTER:
    certreq -submit -config "FQDN of the CA\CA Name" certnew.req certnew.cer
5. Use the Request ID number to retrieve the certificate. To do this, type the following command, and then press ENTER:
    certreq -retrieve RequestID certnew.cer
6. At the command prompt, type the following command, and then press ENTER:
    certreq -accept certnew.cer
If there is anything unclear, please feel free to let me know.
May 20th, 2009 7:09am

Hi, Just want to check if the solution has helped. Have a nice day.
May 26th, 2009 12:59pm

Worked beautifully. The only modification I had to make was the command for key retrieval from standalone CA. Step 5 became:
    certreq -retrieve -config CAComputerName\CAName RequestID certnew.cer
The only difference being the addition of the "-config" info so it pointed to our CA. Again, steps worked beautifully, allowing a renewal of a certificate originally issued by a standalone CA. Thank you kindly.
May 26th, 2009 10:28pm

Glad to hear that. Have a nice day.
May 27th, 2009 4:28am

Hi Joson, I am facing the same issue. Details: I have a standalone CA server that issued certificates to anonymous users. Server version is 2003 Enterprise Edition with Service Pack 2. I need to renew the certificates issued to the end users. Should I follow the steps provided by you to generate the renewal in CLI mode? If so, please explain:
    [Version]
    Signature= $Windows NT$ - what I need to type here -
    [NewRequest]
    RenewalCert= Thumbprint attribute of the certificate - what I need to type here -
Any help regarding this issue is well appreciated.
Thanks & Regards
Arunkumar .G
November 19th, 2009 11:52am

You don't need to change anything at all in the [Version] section of the file. Type it exactly as is shown. In the [NewRequest] section you need to enter the Thumbprint of the certificate you're trying to renew. Open the certificate you're renewing, then on the Details tab you'll find the Thumbprint.
Paul Adare, CTO, IdentIT Inc., ILM MVP
November 19th, 2009 3:33pm

Hi Paul, One basic question. If I try the steps mentioned for renewal of the certificate, what will be the final output? For example, I am renewing my certificate, which has validity up to Dec 31st 2009. After completion of this process, will I get a new certificate or a renewed date on my existing certificate? Awaiting your valuable reply.
Thanks & Regards
Arunkumar .G
November 24th, 2009 7:06pm

Hi Paul, After typing step 3:
    certreq -new request.inf certnew.req
I'm getting the following error. A dialog box comes up like this:
    Certificate List
    Select certificate to be renewed
    Issued to | Issued by | Intended | Friendly | Expiration | Location
    OK | Cancel
But the thing is, it's not listing any certificate to choose. I am executing these commands on the CA server itself, after creating a request.inf file and in the same path as that file. Awaiting the valuable response from this forum.
Thanks
Arunkumar .G
November 25th, 2009 2:54pm

Hi, I have got the solution. The steps mentioned here are working fine. But the issue with my scenario is that I have the SSL certificate installed on the CA server without the private key. So I tried with one SSL certificate which has the private key with it and followed the steps mentioned in TechNet. Renewal done successfully. I sincerely pay my thanks to the Forum Team. To add to it, I still have one question:
1) Is there any way to retrieve the private key information for all issued certificates found on the CA server? Note: My CA server is in a non-domain environment.
Thanks & Regards
Arunkumar .G
December 7th, 2009 11:18am
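
The renewal steps from this thread as one PowerShell script, an added example rather than code from any poster: it includes the -config addition on the retrieve step and checks up front for the missing-private-key condition reported above. The parameter names, the default store path and the parsing of the request ID from certreq's output are assumptions.

```powershell
# Added example (not from the thread). Run once to request, then again with
# -RequestId after the CA administrator has issued the pending request.
param(
    [string] $Thumbprint,                          # from the certificate's Details tab
    [Parameter(Mandatory)] [string] $CAConfig,     # "CAComputerName\CAName"
    [string] $StorePath = 'Cert:\CurrentUser\My',  # assumption: store holding the cert
    [string] $RequestId                            # supplied on the second run only
)
$ErrorActionPreference = 'Stop'

function Invoke-CertReq {
    # Run certreq with the given arguments and stop on a non-zero exit code.
    $out = & certreq.exe @args
    if ($LASTEXITCODE -ne 0) { throw "certreq $args failed ($LASTEXITCODE): $out" }
    $out
}

if ($RequestId) {
    # Steps 5 and 6: retrieve (with -config, as noted in the thread) and install.
    Invoke-CertReq '-retrieve' '-config' $CAConfig $RequestId certnew.cer
    Invoke-CertReq '-accept' certnew.cer
    return
}

if (-not $Thumbprint) { throw 'Thumbprint is required for a new renewal request.' }
# The Details tab may show the thumbprint with spaces; keep only the hex digits.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "No certificate $thumb in $StorePath." }
# Cause reported in the thread: the certificate was installed without its private key.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key here; renew where the key is installed."
}
Write-Host "Renewing $($cert.Subject), expires $($cert.NotAfter)"

# Step 1: write request.inf (quoted Signature as in Microsoft's certreq documentation).
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
RenewalCert=$thumb
"@ | Set-Content -Path request.inf -Encoding ASCII

# Steps 3 and 4: build the renewal request and submit it to the standalone CA.
Invoke-CertReq '-new' request.inf certnew.req | Out-Null
$out = & certreq.exe -submit -config $CAConfig certnew.req certnew.cer
$id = $out | Select-String -Pattern 'RequestId:\s*"?(\d+)' | Select-Object -First 1
if (-not $id) { throw "No RequestId in certreq output: $out" }
"Submitted as request $($id.Matches[0].Groups[1].Value); rerun with -RequestId once issued."
```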

Hi Joson, it's great! But is there any way to modify the standalone CA to make it longer so that we don't need to renew certs for hundreds of computers manually using the command lines? If we do use your way, shall we run them on all the client computers which need to renew? Or is any step needed on the CA? Or can any tool simplify these steps? Thanks
April 28th, 2010 8:38am

Dear all, Having the same problem: the certificate on the SCOM server for server and client authentication is expired, using a standalone CA installed on the SCOM server itself. Trying to renew with certreq -new request.inf certnew.req, I also get a dialog box but no certificate is displayed. Any extra help would be appreciated.
Kind regards, Kenny
April 5th, 2011 6:00am

This topic is archived. No further replies will be accepted.
