Thursday, December 13, 2012 5:31 PM
I have 2 Certificate machines.... an offline root, and an issuing. both are win 2008 r2.
Upon first setup a year ago, all was fine. now it is time to renew.
I did the various steps to get a new root cert, installed it on the issuing, life is good.
Next, I took the cert and included it in GPO so all the other machines in the network will get it. (computer config/windows settings/security settings/public key policies/Trusted root cert authorities)
After importing it there, I look at the cert. it shows it is valid till Nov 2013. I click on Certification path tab, I click on the ROOT, then view certificate and it show the root as being valid until Nov 2013.
I run gpupdate /force on the DC, then I go to another machine, run gpupdate /force on there as well.
I open the certificate for the local machine snap-in.
I go to the Trusted Root Cert Authority, I find the new cert, and the date says it is valid till Nov 2013. I click on the Certification path tab, click on the ROOT, then view certificate.
It tells me the date of Dec 9<sup>th</sup> 2012. That is the old date.
Why is it not getting the new root cert information??
- Moved by K_evin ZhuMicrosoft Contingent Staff, Moderator Friday, December 14, 2012 6:54 AM (From:General)