My Root CA expired coming 25 Nov 2013, I did renew the certification by today 30 Oct 2013. As I understand the Server/Client will automatic renew the new root certification after 6 week ( please correct me I've wrong ). For my situation, i only have 4 week before reach to expired.
I would like to know, if Server / PC haven't get the new root certification, what will be happen ?
Anyway can force enrolled ?
- Moved by Amy Wang_Moderator Thursday, October 31, 2013 9:00 AM CA related
Based on my research, the subordinate CAs and clients will renew certificates automatically if the auto-enrollment feature is enabled.
If this feature is not enabled in your organization, you need to renew certificates manually.
In addition, here are the certificate renewal criteria below:
- Automatic certificate renewal will only occur when 80 % of the certificate lifetime has passed, or when the renewal interval period specified on the template has been reached whichever timeframe is smaller.
- If the renewal period is greater than 20 percent of the certificate lifetime, auto-enrollment will not automatically attempt certificate renewal until the 80 percent threshold has been reached.
- Renewal intervals are determined by the certificate template, which is set to six weeks (before expiration) by default.
After you renewed the Root CA, it continues to issue certificates by using the new CA certificate, unexpired certificates that were issued by the pre-renewal CA continue to be trusted until they expire or are revoked.
If the certificate of a CA expires, before a renewal, the CA can no longer provide certificate services. When the certificates of end users or computers expire, these certificates become invalid.
I was wondering about the question force enroll, do you mean automatically approve all the certificate requests? If yes, we can achieve this using Certificate auto-enrollment feature.
Here are some related links below that could be helpful to you:
Renewing a certification authority
Selecting a Certificate Enrollment and Renewal Method
Introduction (Certificate Autoenrollment in Windows Server 2003)
I hope this helps!
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forum a great place.