Certificate Authority problem


  • I have 2 Certificate machines: an offline root and an issuing. Both are Win 2008 R2.

    Upon first setup a year ago, all was fine. Now it is time to renew.

    I did the various steps to get a new root cert, installed it on the issuing, life is good.

    Next, I took the cert and included it in GPO so all the other machines in the network will get it. (computer config/windows settings/security settings/public key policies/Trusted root cert authorities)

    After importing it there, I look at the cert. It shows it is valid till Nov 2013. I click on the Certification path tab, I click on the ROOT, then view certificate, and it shows the root as being valid until Nov 2013.

    I run gpupdate /force on the DC, then I go to another machine, run gpupdate /force on there as well.

    I open the certificate for the local machine snap-in.

    I go to the Trusted Root Cert Authority, I find the new cert, and the date says it is valid till Nov 2013.  I click on the Certification path tab, click on the ROOT, then view certificate.

    It tells me the date of Dec 9th 2012. That is the old date.

    Why is it not getting the new root cert information?

    Thursday, December 13, 2012 5:31 PM