Certificate Services: CA store certificate has expired

A

Andres M

Two years ago, I configured a private CA store, the Root
CA certificate has expired, I've tried to renew but I
alwaus get Access Denied Errors, I found the following Q
articles but still no luck,,, any ideas ???

Tks

Andres
 
B

Brian Komar

microsoft.public.win2000.security

Two years ago, I configured a private CA store, the Root
CA certificate has expired, I've tried to renew but I
alwaus get Access Denied Errors, I found the following Q
articles but still no luck,,, any ideas ???

Tks
Click to expand...
Is it an enterprise or a standalone CA. For a standalone CA, you must
be a local Adminstrator of the computer, and for an enterprise CA, you
must be a local Administrator and member of the Enterprise Admins.

Also, do you have a capolicy.inf file in the %windir%.
The CAPolicy.inf should have the following entries:

[certsrv_server]
renewalkeylength=2048
RenewalValidityPeriodUnits=20
RenewalValidityPeriod=years

These define the renewal private key settings.
Other settings are required and are discussed in the Best Practices WP

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/
operate/ws3pkibp.asp

Brian
 
G

Guest

Thanks Brian, I'm going to take a look

Andres
-----Original Message-----
microsoft.public.win2000.security

Two years ago, I configured a private CA store, the Root
CA certificate has expired, I've tried to renew but I
alwaus get Access Denied Errors, I found the following Q
articles but still no luck,,, any ideas ???

Tks
Click to expand...
Is it an enterprise or a standalone CA. For a standalone CA, you must
be a local Adminstrator of the computer, and for an enterprise CA, you
must be a local Administrator and member of the Enterprise Admins.

Also, do you have a capolicy.inf file in the %windir%.
The CAPolicy.inf should have the following entries:

[certsrv_server]
renewalkeylength=2048
RenewalValidityPeriodUnits=20
RenewalValidityPeriod=years

These define the renewal private key settings.
Other settings are required and are discussed in the Best Practices WP

http://www.microsoft.com/technet/prodtechnol/windowsserve r2003/maintain/
operate/ws3pkibp.asp

Brian
.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How do you issue a new Root CA Certificate EXPIRATION? 0
CA Certificates 2
CA: Can't download certificate 1
CA Problems 6
Windows XP computer certificate renewal from MS W2k Enterprise CA 3
Clients cant get new Cert from CA - 0x800b0101 0
Automatically Renewing User Certificates from Inhouse CA? 7
CA generating private keys 1

Top