question

Mario-5409 avatar image
0 Votes"
Mario-5409 asked ·

No option to "Renew CA certificate" under "All Tasks" when I right click my Certificate Authority server

We have a Root CA that's going to expire soon but I don't have the option to renew it when I go to All Tasks.

The environment we are using is Windows Server DataCenter 2016 Core. Please keep in mind that our Certificate Server is Server Core which means I don't have a GUI which is another issue because all tutorials online state the solution in GUI mode!!!!

I Looked up countless tutorials which all say "in GUI Windows Server, right click your CA and select "All Tasks" and then select "Renew Certificate CA" but I can't see that anywhere.

Please help!!

windows-server-security
· 1
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,

0 Votes 0 ·

1 Answer

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered ·

Hi,
Based on my understanding , on a server core, not only the CA ,there is no GUI for other roles either.
To renew the CA certificate, we need to use the command :

Command:Certutil -renewCert ReuseKeys renews the CA with the existing key pair
Command:Certutil -renewCert renews the CA with a new key pair

More information for your reference:
https://docs.microsoft.com/en-us/windows/win32/seccrypto/certification-authority-renewal
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)?redirectedfrom=MSDN

Best Regards,

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

And I'm guessing I would need to execute this command on the Server (Host) itself right? Do I also need to be signed in as an administrator in a Domain Controller environment? If so, then what type of administrator ?

0 Votes 0 ·

Hi,
If the root ca in a domain member, you can use both the local administrator and the domain administrator.
Best Regards,

1 Vote 1 ·