SunghyunPark-5022 asked FanFan-MSFT commented

Certification Authority auto renewal

Hi. I have a Windows Certification Authority. It is an Enterprise CA. Here is my question. Can I prevent auto renewal of my CA root certificate? How do I set it? When will the certificate be renewed if it allows automatic renewal? Can the update period be set before expiration? Thanks.

windows-server-applicationcompatibility-certification


Hi,
If there is any progress, you are welcome to share it here!
Anyone who has experience with this is welcome to share here too!

Best Regards,


1 Answer

FanFan-MSFT answered

Hi,

Based on my understanding, you have a CA acting as an Enterprise and root CA, right?
If I misunderstood you, please feel free to let me know.

In the PKI environment, it is not supported to renew the root CA certificates automatically.
You don't need to do anything.
https://social.technet.microsoft.com/Forums/lync/en-US/196a6229-c118-49e7-b073-df79e71ce5b1/auto-renew-an-enterprise-ca-root-certificate?forum=winserversecurity

If you mean the certificates issued by the CA for the clients and users, yes, it can be set not to renew automatically.
The certificates issued by the CA will not auto-enroll by default if the requirements haven't been met:
auto-enroll group policy
auto-enroll permission for the templates
https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment

Best Regards,
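
An added example, not part of the original answer or of Microsoft's documentation: a read-only PowerShell audit of the two autoenrollment prerequisites the answer lists, the Group Policy setting and the Autoenroll permission on certificate templates. It assumes a domain-joined machine running Windows PowerShell with read access to the AD configuration partition; the variable names are illustrative.

```powershell
# Added example: audits the two autoenrollment prerequisites named in the answer.
# Read-only; makes no changes to policy, templates or the CA.

# 1) Autoenrollment Group Policy as applied to this computer.
#    (The per-user setting lives under the same path in HKCU.)
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$aePolicy  = (Get-ItemProperty -Path $policyKey -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy

if ($null -eq $aePolicy) {
    'Autoenrollment policy: not configured by Group Policy for this computer'
} elseif ($aePolicy -band 0x8000) {
    # 0x8000 is the "disabled" flag in AEPolicy
    'Autoenrollment policy: explicitly disabled'
} else {
    'Autoenrollment policy: enabled (AEPolicy = 0x{0:X})' -f $aePolicy
}

# 2) Certificate templates whose ACL grants the Autoenroll extended right.
#    Note: ACEs that grant all extended rights (empty ObjectType) or full control
#    also imply Autoenroll and are not listed by this filter.
$autoenrollRight = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'   # Certificate-AutoEnrollment
$extendedRight   = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$configNc  = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$container = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

$report = foreach ($template in $container.psbase.Children) {
    $rules = $template.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount])
    foreach ($rule in $rules) {
        $isExtended = ($rule.ActiveDirectoryRights -band $extendedRight) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $isExtended -and
            $rule.ObjectType -eq $autoenrollRight) {
            [pscustomobject]@{
                Template  = [string]$template.psbase.Properties['cn'].Value
                Principal = $rule.IdentityReference.Value
            }
        }
    }
}

# A template only autoenrolls for principals that appear here AND receive the policy above.
$report | Sort-Object Template, Principal | Format-Table -AutoSize
```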
