[Version]
Signature="$Windows NT$"
[DC1]
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10

2. In Command Prompt, type the following to check the current certificate validity period:
certutil -getreg ca\ValidityPeriod
certutil -getreg ca\ValidityPeriodUnits
3. In Command Prompt, type the following to change the period, where 10 is the validity period of the certificate:
certutil -setreg ca\ValidityPeriodUnits 10
4. Restart Active Directory Certificate Services
5. Once the Active Directory Certificate Services service has restarted, you're ready for the next step, which is to create a new template that you can use to issue SSL certs that are good for 10 years. Start by opening up a new MMC window (Start…Run…mmc.exe) and then add 3 snap-ins: Certification Authority (for the local computer), Certificates (for the current user), and Certificates (for the local machine). Once those are added, expand the Certification Authority, right-click on the Certificate Templates node and select Manage:
6. That opens up the Certificate Templates console. Now, to simplify things you can just copy the existing Web SSL template. Scroll down the list of certificate templates until you find the one named Web Server, right-click on it and select Duplicate Template. A dialog will pop up where you can set all the attributes that you want certificates based on this template to have. Here are the minimum changes you should make:
- General tab: change the display name to something useful. In my case I called mine SharePoint Hybrid Long Term SSL. Change the Validity Period to 10 years.
- Request Handling tab: check the option to Allow private key to be exported.
7. You should be back on the original MMC window you opened, so click on Certificate Templates again and this time select New…Certificate Template to Issue:
That will bring up a dialog that lists the certificate templates, and you can select the certificate template you just created. Most of the hard work is done at this point.
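
Raising the registry limit and the template validity, as the steps above do, still yields shorter certificates if the CA's own certificate expires sooner, because AD CS issues with the earliest of the three limits. The following PowerShell is an added example, not from the original post; the function names and all dates and period values are constructed for illustration.

```powershell
# Added example, not from the original post. Runs without a CA:
# every date and period below is a constructed sample value.

function Add-ValidityPeriod {
    # Adds a certutil-style period (units + Years/Months/Weeks/Days) to a date.
    param([datetime]$From, [int]$Units, [string]$Period)
    switch ($Period) {
        'Years'  { return $From.AddYears($Units) }
        'Months' { return $From.AddMonths($Units) }
        'Weeks'  { return $From.AddDays(7 * $Units) }
        'Days'   { return $From.AddDays($Units) }
        default  { throw "Unsupported period '$Period'" }
    }
}

function Get-EffectiveNotAfter {
    # Returns the earliest of the three limits and names the one that applies.
    param(
        [datetime]$IssueDate,
        [int]$TemplateUnits, [string]$TemplatePeriod,   # template Validity Period
        [int]$CaUnits,       [string]$CaPeriod,         # ca\ValidityPeriodUnits, ca\ValidityPeriod
        [datetime]$CaCertNotAfter                       # expiry of the CA's own certificate
    )
    $limits = @(
        [pscustomobject]@{ LimitedBy = 'Template validity period'
                           NotAfter  = (Add-ValidityPeriod $IssueDate $TemplateUnits $TemplatePeriod) }
        [pscustomobject]@{ LimitedBy = 'CA registry ValidityPeriod'
                           NotAfter  = (Add-ValidityPeriod $IssueDate $CaUnits $CaPeriod) }
        [pscustomobject]@{ LimitedBy = 'CA certificate expiry'
                           NotAfter  = $CaCertNotAfter }
    )
    $limits | Sort-Object NotAfter | Select-Object -First 1
}

$issue    = [datetime]'2024-01-01'   # constructed issue date
$caExpiry = [datetime]'2029-01-01'   # constructed CA certificate expiry

# 10-year template while the registry limit is still a constructed 2 Years:
Get-EffectiveNotAfter $issue 10 'Years' 2 'Years' $caExpiry

# Same template after: certutil -setreg ca\ValidityPeriodUnits 10
Get-EffectiveNotAfter $issue 10 'Years' 10 'Years' $caExpiry
```

On a real CA, substitute the values returned by the certutil -getreg commands in step 2 and the NotAfter date of the CA certificate.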