
= How to Set an Enterprise Subordinate CA to Have a Different Certificate Validity Period than the Parent CA =

Article ID: 281557

Article Last Modified on 12/3/2007


APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition




This article was previously published under Q281557



SUMMARY
This article describes how to set an enterprise subordinate certification authority (CA) to have a different certificate validity period than that of the parent CA.



MORE INFORMATION
You can use the following steps to give a subordinate CA a different certificate validity period than that of the parent CA. This process is divided into the following three steps:

Step 1: Set the validity period on the parent CA.

Step 2: Install the subordinate CA.

Step 3: Reset the validity period on the parent CA.

 1. Set the validity period on the parent CA. To do this, use the following commands to set the desired validity period on the parent CA that will issue the certificate of the subordinate CA:

certutil -setreg ca\ValidityPeriod "Weeks"

certutil -setreg ca\ValidityPeriodUnits "3"

 2. Install the subordinate CA. Make sure that you use the parent CA that you used in step 1.

 3. Reset the validity period on the parent CA that issued the certificate of the subordinate CA (for example, to "2 years", which is the default value). To do this, use the following commands:

certutil -setreg ca\ValidityPeriod "Years"

certutil -setreg ca\ValidityPeriodUnits "2"

Note: If you run certutil -getreg ca\val* on the subordinate CA, both the ValidityPeriod property and the ValidityPeriodUnits property are still synchronized with the parent CA, even though the subordinate CA certificate is only valid for three weeks.
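
The three steps above wrapped in one PowerShell script, as an added example that is not part of the original article: it records the parent CA's current values, applies the temporary ones, restores the recorded values even if the run fails partway, and then reads the lifetime from the issued certificate, because the Note says the subordinate CA's registry values do not reflect it. The parameter names, the certificate path, the service restart and the assumed `certutil -getreg` output format are assumptions, not taken from the article.

```powershell
# Added example, not from the KB article. Run elevated on the PARENT CA.
# Assumed: certutil -getreg prints "<Name> REG_SZ = Years" or
# "<Name> REG_DWORD = <hex> (<decimal>)"; the CA service is named CertSvc.
param(
    [string]$TempPeriod = 'Weeks',
    [int]$TempUnits = 3,
    [string]$SubCaCert = 'C:\temp\subca.cer'   # hypothetical path to the issued sub CA cert
)

function Get-CaRegValue([string]$Name) {
    $out = (certutil -getreg "ca\$Name") -join "`n"
    if ($out -match "$Name\s+REG_SZ\s*=\s*(\S+)") { return $Matches[1] }
    if ($out -match "$Name\s+REG_DWORD\s*=\s*([0-9a-f]+)(?:\s*\((\d+)\))?") {
        if ($Matches[2]) { return [int]$Matches[2] }      # decimal form, when printed
        return [Convert]::ToInt32($Matches[1], 16)        # otherwise parse the hex form
    }
    throw "Could not read ca\$Name from certutil output"
}

function Set-CaValidity([string]$Period, [int]$Units) {
    certutil -setreg ca\ValidityPeriod $Period | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Setting ValidityPeriod failed' }
    certutil -setreg ca\ValidityPeriodUnits $Units | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Setting ValidityPeriodUnits failed' }
    # Not in the article: restart so the running CA picks up the new values.
    Restart-Service CertSvc
}

# Record what the parent CA uses today so step 3 restores exactly that.
$savedPeriod = Get-CaRegValue 'ValidityPeriod'
$savedUnits  = Get-CaRegValue 'ValidityPeriodUnits'
try {
    Set-CaValidity $TempPeriod $TempUnits                                     # step 1
    Read-Host 'Install the subordinate CA now, then press Enter' | Out-Null   # step 2
}
finally {
    # Step 3 runs even if step 1 or 2 fails, so the parent CA does not keep
    # issuing certificates with the temporary validity period.
    Set-CaValidity $savedPeriod $savedUnits
    "Parent CA restored to $savedUnits $savedPeriod"
}

# The sub CA's registry still mirrors the parent (see the Note), so check the
# lifetime in the issued certificate itself.
if (Test-Path $SubCaCert) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SubCaCert
    $days = ($cert.NotAfter - $cert.NotBefore).TotalDays
    '{0}: valid for {1:N1} days, until {2:yyyy-MM-dd}' -f $cert.Subject, $days, $cert.NotAfter
}
```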

Keywords: kbsecurityservices kbenv kbhowto kbsecurity KB281557


© Microsoft Corporation. All rights reserved.