Hi, My CA on Windows server 2003 Standard edition SP1 (yes, SP1, there is a reason it's still on SP1) is expiring very soon. I'd like to renew with the same key pair to extend the validity of the root CA certificate. However, I've looking through documents but am not sure the effects on such CA renewal. I suppose after CA certificate renewal, I must renew all Exchange 2003 and 2007 OWA certificates since they expire as well. - What about users who use EFS? Will they still be able to use EFS fine w/o further intervention? - What will happen to the certificate on DCs? I see there is a certificate on DC but will it renew automatically? - Because we run on 2003 Server, we should not have Auto Enrollment issue to watch out for. - Is there a way to automatically populate the new CA certificate? I used to ask each user to click on the root CA certificate PEM file on my intranet to install it but I am hoping there is a simple way to populate it to all Windows (mostly XP) clients. My goal is to find out what may break after renewing with the same key pair so I can prevent them from happening. Please advice. Thank you!

Hello, please use the Security forum for your questions: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads That's the better place to ask.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

OK. Got it. No wonder I could not find any category related to CA. Thank you. Please close this.