locked
Configuring NAP Health Certificate Lifetime on standalone CA RRS feed

  • Question

  • Hi all,

    In configured DirectAccess with Network Access Protection enabled. The specified NAP CA server does not allow to select a certificate template, its a non enterprise CA.

    I want to configure the default Health Certificate lifetime to 8 hours instead the default of 4 hours.

    According to http://technet.microsoft.com/en-us/library/gg502563.aspx#BKMK_Plan , section "Planning for NAP certificates" Nr. 9 b) this could be configured by changeing a registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\WhaleCom\\e-Gap\\Configuration\HealthCertValidityPeriod. There is the Configuration directory, but this key HealthCertValidityPeriod is not there. When I add it and set its default value to 480 minutes nothing changes with the issued Health Certificate Lifetime. When I reboot the system the added registry key HealthCertValidityPeriod has disappeared from the Configuration directory.

    How can I configure the Health Certificate Lifetime properly for a non-enterprise CA?


    • Edited by alphalz Friday, July 13, 2012 8:56 AM reboot info
    Friday, July 13, 2012 8:55 AM

All replies

  • Hi,

    This is done in the HRA (HCSCFG.MSC), by right clicking on the Certificate Authority and Selecting Properties.

    You'll be able to configure for how long the certificates will be vaild.

    \Mattias

    • Proposed as answer by MattiasG Tuesday, June 3, 2014 1:07 PM
    Wednesday, November 7, 2012 3:06 PM