I am trying to understand the behavior of autorenewal of computer certificate.
The "computer" certificate based on V1 template is distributed to domain computers via ACR (automatic certificate request) in a GPO. Upon observation, computer gets this certificate installed when it joins the domain. According to documentations, the computer
certificate distributed via ACR should be able to renew automatically. However, I noticed that on quite many machines this certificate had expired - some expired over a year. My questions are:
1. when a machine hits renew interval (< 6 weeks) does the renew automatically occur, or it needs a machine reboot to get the certificate renewed?
2. if the renewal needs a reboot and a machine does not get a chance to reboot untill this certificate expired, will a reboot at this point of time gets the certificate renewed, or gets a new certificte, or nothing happens?
3. What else can cause this computer certificate not renewed automatically?
Thanks.

There is an amazing pack of free network admin tools. click here to download it

Hi,

Please refer the following related articles:

Default Certificate Templates

http://technet.microsoft.com/en-us/library/cc755033.aspx


Certificate Template Versions

http://technet.microsoft.com/en-us/library/cc725838.aspx


Hope this helps!

Best Regards
Elytis ChengElytis Cheng
TechNet Community Support

There is an amazing pack of free network admin tools. click here to download it

Hi,

Please refer the following related articles:

Default Certificate Templates

http://technet.microsoft.com/en-us/library/cc755033.aspx


Certificate Template Versions

http://technet.microsoft.com/en-us/library/cc725838.aspx


Hope this helps!

Best Regards
Elytis ChengElytis Cheng
TechNet Community Support

Need to support users over the internet? click here try our remote control online beta