{"id":1717,"date":"2009-10-16T16:13:11","date_gmt":"2009-10-17T00:13:11","guid":{"rendered":"https:\/\/www.zubairalexander.com\/stage\/?p=1717"},"modified":"2009-10-16T16:13:11","modified_gmt":"2009-10-17T00:13:11","slug":"how-to-issue-a-certificate-for-longer-than-2-years-in-ws08","status":"publish","type":"post","link":"https:\/\/www.zubairalexander.com\/blog\/how-to-issue-a-certificate-for-longer-than-2-years-in-ws08\/","title":{"rendered":"How to Issue a Certificate for Longer Than 2 Years in WS08"},"content":{"rendered":"<p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\">Although it is not a common practice to issue certificates for a long duration and therefore Microsoft doesn&#8217;t allow the default Certificate Authority (CA) in Windows Server 2008 to issue a certificate for a period of longer than 2 years, if for some reason you decide to issue a certificate for longer than the default period, here&#8217;s what you need to do.<\/p>\n<p>1. Create a V3 template with the expiration period of your choice for the certificate.<\/span><\/p>\n<p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\"><br \/>\n2. Use the CertUtil tool to configure the maximum allowed validity. For example, the following commands will configure the certificate validity for 5 years:<br \/>\n<\/span><\/p>\n<blockquote><p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\"> CertUtil -setreg CA\\ValidityPeriodUnits 5<br \/>\nCertUtil -setreg CA\\ValidityPeriod &#8220;Years&#8221;<\/span><\/p><\/blockquote>\n<p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\"> 3. Restart the certificate service (at the command prompt type &#8220;<strong>net stop certsvc<\/strong>&#8221; and then &#8220;<strong>net start certsvc<\/strong>&#8221; without the quotes).<br \/>\n<\/span><\/p>\n<p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\">In Active Directory Certificate Services (AD CS), V3 certificate templates supersede the V1 and V2 certificate templates introduced in earlier versions of Windows and  support the latest Windows Server 2008 CNG cryptographic algorithms. V3 templates also provide a more secure method for client validation of domain controllers, and can encrypt client and server AD CS\u2013related communications.<\/span><\/p>\n<blockquote><p><span style=\"font-family: Verdana,Arial,Helvetica; font-size: x-small;\"><strong>NOTE<\/strong>: You must be running a WS08 CA in order to use V3 templates. Keep in mind that V3 templates can only be used by WS08\/Windows Vista and later clients.<br \/>\n<\/span><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Although it is not a common practice to issue certificates for a long duration and therefore Microsoft doesn&#8217;t allow the default Certificate Authority (CA) in Windows Server 2008 to issue a certificate for a period of longer than 2 years, if for some reason you decide to issue a certificate for longer than the default [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[24,11,30],"tags":[],"class_list":["post-1717","post","type-post","status-publish","format-standard","hentry","category-security","category-tips-tricks","category-longhorn-server"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/1717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/comments?post=1717"}],"version-history":[{"count":0,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/1717\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media?parent=1717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/categories?post=1717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/tags?post=1717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}