My Root CA expired coming 25 Nov 2013, I did renew the certification by today 30 Oct 2013. As I understand the Server/Client will automatic renew the new root certification after 6 week ( please correct me I've wrong ). For my situation, i only have 4 week
before reach to expired.
I would like to know, if Server / PC haven't get the new root certification, what will be happen ?
Based on my research, the subordinate CAs and clients will
renew certificates automatically if the
auto-enrollment feature is enabled.
If this feature is not enabled in your organization, you need to renew certificates manually.
In addition, here are the certificate renewal criteria below:
Automatic certificate renewal will only occur when 80 % of the certificate lifetime has passed, or when the
renewal interval period specified on the template has been reached whichever timeframe is smaller.
If the renewal period is greater than 20 percent of the certificate lifetime, auto-enrollment will not automatically attempt certificate renewal until the 80 percent threshold has been reached.
Renewal intervals are determined by the certificate template, which is set to six weeks (before expiration) by default.
After you renewed the Root CA, it continues to issue certificates by using the
new CA certificate, unexpired certificates that were issued by the pre-renewal CA continue to be
trusted until they expire or are revoked.
If the certificate of a CA expires, before a renewal, the CA can no longer provide certificate services. When the certificates of end users or computers expire, these
certificates become invalid.
I was wondering about the question
force enroll, do you mean
automatically approve all the certificate requests? If yes, we can achieve this using Certificate auto-enrollment feature.
Here are some related links below that could be helpful to you:
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.