How to Migrate an Enterprise Certification Authority
We use an enterprise root certification authority on a Windows 2000 Domain Controller. Unfortunately the root certificate has a validity period of only 2 years. We have a second Windows 2008 R2 domain controller.

Now I have installed a second enterprise root certification authority on a Windows 2008 R2 Enterprise Server (domain member). The first CA I will remove when all certificates are expired. (From now on no new certificate should be created.)

Now I have to request/create a computer certificate on our RAS server (Windows 2003 SP2 Standard), which fails because:
- in MMC only the old CA appears
- in web registration the template "Computer" isn't available.

What can I do to create the computer certificate? Is there a better way to migrate our CA and to change the validity period of our root certificate?

Thank you!
Regards
Lothar
March 24th, 2010 2:50pm

Have you deployed / installed the new root CA certificate?

If you would like to upgrade the CA, you can do so by simply upgrading the OS from 2003 to 2008, assuming you are not switching from a 32-bit to a 64-bit OS. If you need to change from 32 to 64 bit, you must maintain what you are already doing.

You can extend the lifetime of the CA certificate:

    certutil -setreg ca\ValidityPeriod Years
    certutil -setreg ca\ValidityPeriodUnits 20
    certutil -setreg ca\RenewalValidityPeriod Years
    certutil -setreg ca\RenewalValidityPeriodUnits 20

These settings would take effect the next time you renew the CA certificate. You can do so immediately to extend the lifetime of the CA cert without having to reissue anything:

    certutil -renewcert reusekeys

Then continue as you would normally with a new CA cert by deploying it to clients, etc.
March 26th, 2010 9:58pm
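
A check to run on the CA after the renewal described in the reply above, as an added example that is not part of the original thread: it compares the expiry of the CA's current certificate with the ValidityPeriod values set through certutil -setreg, which cap the lifetime of certificates the CA issues. The temporary file name is an assumption; the registry path is the standard CertSvc configuration key.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the CA.
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -LiteralPath $cfgKey).Active          # name of the active CA
$caCfg  = Get-ItemProperty -LiteralPath (Join-Path $cfgKey $caName)

# Export the CA's current certificate. The file name is an arbitrary choice.
# '-ca.cert' is quoted so PowerShell passes it to certutil as one argument.
$certFile = Join-Path $env:TEMP 'ca-current.cer'
& certutil.exe -f '-ca.cert' $certFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed with exit code $LASTEXITCODE" }
$caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certFile

# ValidityPeriod / ValidityPeriodUnits cap the lifetime of certificates the CA issues.
$units = [int]$caCfg.ValidityPeriodUnits
$now   = Get-Date
switch ($caCfg.ValidityPeriod) {
    'Years'  { $maxIssuedEnd = $now.AddYears($units) }
    'Months' { $maxIssuedEnd = $now.AddMonths($units) }
    'Weeks'  { $maxIssuedEnd = $now.AddDays(7 * $units) }
    'Days'   { $maxIssuedEnd = $now.AddDays($units) }
    'Hours'  { $maxIssuedEnd = $now.AddHours($units) }
    default  { throw "Unhandled ValidityPeriod value: $($caCfg.ValidityPeriod)" }
}

"CA name:            $caName"
"CA cert thumbprint: $($caCert.Thumbprint)"
"CA cert valid:      $($caCert.NotBefore) to $($caCert.NotAfter)"
"Max issued expiry:  $maxIssuedEnd ($units $($caCfg.ValidityPeriod))"

# A CA cannot issue a certificate that outlives its own certificate, so an
# issued lifetime longer than the CA's remaining lifetime is cut short.
if ($caCert.NotAfter -lt $maxIssuedEnd) {
    Write-Warning "CA certificate expires first; issued certificates end no later than $($caCert.NotAfter)."
} else {
    "OK: the CA certificate outlives the longest certificate it can issue today."
}
```

The thumbprint printed here can be compared with the CA certificate that clients have in their trusted root store, to confirm they received the renewed certificate rather than the old one.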

Hi,

The validity period of the root CA certificate is specified during setup of Certificate Services.

Renewing a certification authority
http://technet.microsoft.com/en-us/library/cc740209(WS.10).aspx

Alternatively, you can specify the validity period in CAPolicy.inf and then renew the CA certificate. Please refer to the "certsrv_server" section of the following article:

How CA Certificates Work
http://technet.microsoft.com/en-us/library/cc737264(WS.10).aspx

To migrate the CA, you can refer to the Active Directory Certificate Services Upgrade and Migration Guide at
http://technet.microsoft.com/en-us/library/cc742515(WS.10).aspx

This posting is provided "AS IS" with no warranties, and confers no rights.
March 30th, 2010 9:59am
