Certificate Services: CA store certificate has expired

's Computer Specifications

Two years ago, I configured a private CA store, the Root
CA certificate has expired, I've tried to renew but I
alwaus get Access Denied Errors, I found the following Q
articles but still no luck,,, any ideas ???

Tks

Andres

's Computer Specifications

In article <597701c3e5d6$38780e60$(E-Mail Removed)>,
(E-Mail Removed) says...
> microsoft.public.win2000.security
>
> Two years ago, I configured a private CA store, the Root
> CA certificate has expired, I've tried to renew but I
> alwaus get Access Denied Errors, I found the following Q
> articles but still no luck,,, any ideas ???
>
> Tks
>
>
Is it an enterprise or a standalone CA. For a standalone CA, you must
be a local Adminstrator of the computer, and for an enterprise CA, you
must be a local Administrator and member of the Enterprise Admins.

Also, do you have a capolicy.inf file in the %windir%.
The CAPolicy.inf should have the following entries:

[certsrv_server]
renewalkeylength=2048
RenewalValidityPeriodUnits=20
RenewalValidityPeriod=years

These define the renewal private key settings.
Other settings are required and are discussed in the Best Practices WP

http://www.microsoft.com/technet/pro...2003/maintain/
operate/ws3pkibp.asp

Brian

's Computer Specifications

Thanks Brian, I'm going to take a look

Andres
>-----Original Message-----
>In article <597701c3e5d6$38780e60$(E-Mail Removed)>,
>(E-Mail Removed) says...
>> microsoft.public.win2000.security
>>
>> Two years ago, I configured a private CA store, the
Root
>> CA certificate has expired, I've tried to renew but I
>> alwaus get Access Denied Errors, I found the following
Q
>> articles but still no luck,,, any ideas ???
>>
>> Tks
>>
>>
>Is it an enterprise or a standalone CA. For a
standalone CA, you must
>be a local Adminstrator of the computer, and for an
enterprise CA, you
>must be a local Administrator and member of the
Enterprise Admins.
>
>Also, do you have a capolicy.inf file in the %windir%.
>The CAPolicy.inf should have the following entries:
>
>[certsrv_server]
>renewalkeylength=2048
>RenewalValidityPeriodUnits=20
>RenewalValidityPeriod=years
>
>These define the renewal private key settings.
>Other settings are required and are discussed in the
Best Practices WP
>
>http://www.microsoft.com/technet/pro...l/windowsserve
r2003/maintain/
>operate/ws3pkibp.asp
>
>Brian
>.
>

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Unable to find manifest signing certificate in the certificate store.	Dom	Microsoft C# .NET	0	25th May 2010 03:26 PM
install certificate in certificate store programmaticly	Daniel Knöpfel	Microsoft Dot NET	0	8th Aug 2006 02:36 PM
Programmatically Install Certificate into Windows Certificate Store	Brad	Microsoft Dot NET Framework	2	31st Jul 2006 09:32 PM
Certificate for VPN Client has expired (Computer Certificate)	=?Utf-8?B?RXJpayBIZWxnZXJ1ZA==?=	Windows XP Networking	4	9th May 2005 10:49 PM
MS Certificate services - CA root certificate has expired		Microsoft Windows 2000	0	28th Jan 2004 07:55 PM