Configuring NAP Health Certificate Lifetime on standalone CA RRS feed

  • Question

  • Hi all,

    In configured DirectAccess with Network Access Protection enabled. The specified NAP CA server does not allow to select a certificate template, its a non enterprise CA.

    I want to configure the default Health Certificate lifetime to 8 hours instead the default of 4 hours.

    According to http://technet.microsoft.com/en-us/library/gg502563.aspx#BKMK_Plan , section "Planning for NAP certificates" Nr. 9 b) this could be configured by changeing a registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\WhaleCom\\e-Gap\\Configuration\HealthCertValidityPeriod. There is the Configuration directory, but this key HealthCertValidityPeriod is not there. When I add it and set its default value to 480 minutes nothing changes with the issued Health Certificate Lifetime. When I reboot the system the added registry key HealthCertValidityPeriod has disappeared from the Configuration directory.

    How can I configure the Health Certificate Lifetime properly for a non-enterprise CA?

    • Edited by alphalz Friday, July 13, 2012 8:56 AM reboot info
    Friday, July 13, 2012 8:55 AM

All replies

  • Hi,

    This is done in the HRA (HCSCFG.MSC), by right clicking on the Certificate Authority and Selecting Properties.

    You'll be able to configure for how long the certificates will be vaild.


    • Proposed as answer by MattiasG Tuesday, June 3, 2014 1:07 PM
    Wednesday, November 7, 2012 3:06 PM