System Center Configuration Manager TechCenter >
System Center Configuration Manager Forums
>
Configuration Manager Internet Clients and Native Mode
>
Can my clients renwew or extend their certificates?
Can my clients renwew or extend their certificates?
- Greetings,
I should have made my certificate validity longer than the default. I have plenty of time until my client's certificates expire. However, can I extend the exisiting certificate in any way? Can I renew it right now instead of waiting until February? or do I have to create a new certificate for my clients and the two can co-exisit on a machine? Thanks for the help.
Answers
- If your referring to the "Computer" certificate then the client should auto request a new cert when it has expired. If you want you can enter the MMC and open the certificates store and right click on the Computer certificate and right click and renew the cert.
I have a tool that will allow you to see when certificates will expire.
http://www.sccm-tools.com/tools/vbscript/vbscript-certificates.html
Realize that the certifiate will expire 1 year (if the cert is for 1 year) from the time the computer Cert was received so it will be different times for different machines.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com- Marked As Answer byCarol BaileyMSFT, ModeratorSaturday, November 07, 2009 6:53 PM
- Edited byMatthew Hudson [MVP]MVPFriday, October 02, 2009 2:37 PMclarify statement
- No, the templates themselves don't expire but you do need to watch out for the validity period on the CA certificate - because a CA cannot issue certificates with a validity period that that is longer than its own remaining validity period.
More information: http://blogs.technet.com/configmgrteam/archive/2009/06/12/recommendations-for-pki-key-lengths-and-validity-periods-with-configuration-manager.aspx
- Carol
This posting is provided “AS IS” with no warranties and confers no rights- Marked As Answer byCarol BaileyMSFT, ModeratorSaturday, November 07, 2009 6:53 PM
All Replies
- If your referring to the "Computer" certificate then the client should auto request a new cert when it has expired. If you want you can enter the MMC and open the certificates store and right click on the Computer certificate and right click and renew the cert.
I have a tool that will allow you to see when certificates will expire.
http://www.sccm-tools.com/tools/vbscript/vbscript-certificates.html
Realize that the certifiate will expire 1 year (if the cert is for 1 year) from the time the computer Cert was received so it will be different times for different machines.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com- Marked As Answer byCarol BaileyMSFT, ModeratorSaturday, November 07, 2009 6:53 PM
- Edited byMatthew Hudson [MVP]MVPFriday, October 02, 2009 2:37 PMclarify statement
Doh! That's right! So I guess my question should be does the computer certificate template on the cert server expire? Will I ever have to worry about machines trying to request a new cert and the cert server "saying" something like "No valid certificates available." Thanks!
- No, the templates themselves don't expire but you do need to watch out for the validity period on the CA certificate - because a CA cannot issue certificates with a validity period that that is longer than its own remaining validity period.
More information: http://blogs.technet.com/configmgrteam/archive/2009/06/12/recommendations-for-pki-key-lengths-and-validity-periods-with-configuration-manager.aspx
- Carol
This posting is provided “AS IS” with no warranties and confers no rights- Marked As Answer byCarol BaileyMSFT, ModeratorSaturday, November 07, 2009 6:53 PM
- No updates for a while now - are your questions about certificate renewal addressed sufficiently to mark this as answered?
