Article ID: 927169
Article Last Modified on 11/10/2006
APPLIES TO
- Microsoft Windows Server 2003 Service Pack 1, when used with:
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
- Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
- Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
SYMPTOMS
Consider the following scenario. On a computer that is running Microsoft Windows Server 2003 R2 or Microsoft Windows Server 2003 with Service Pack 1 (SP1), you create a certification authority (CA). You then add custom extensions in the CAPolicy.inf file. Then, you renew the root CA certificate by using a new key. In this scenario, the custom extensions do not take effect.
For example, you use the CAPolicy.inf file to suppress the CRL distribution point extension. Then, you renew the CA certificate by using a new key. In this example, the root certificate still has the CDP extension.
RESOLUTION
To resolve this problem, renew the CA certificate again. This time, use the same key for the new root CA certificate. To do this, run the following commands at the command prompt:
Certutil -renewCert ReuseKeys
Net stop CertSvc
Net start CertSvc
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Keywords: kbexpertiseinter kbtshoot kbprb KB927169