Hello, we have a single Windows 2012 R2 server which is a dual-role domain controller and Root CA for our internal Windows domain. Our current root certificate is going to expire soon and I am trying to renew it. Our environment is very basic: we have a single CA and only use certificates for LDAPS when communicating with domain controllers. We are currently not issuing certificates to workstations.
After opening the certsrv console and choosing "Renew CA Certificate...", I am asked to stop AD Certificate Services. I select yes, then get a prompt asking me if I want to rekey the cert; I choose "no" here. Our keys are not compromised; I am just trying to extend it.
The operation appears to complete successfully, but upon right-click > Properties of the root CA, there is no change to the root certificate list. A new cert is never issued and the existing cert (Certificate #2) is still listed with the old expiration date.
Additionally, we have an old expired certificate that I can't figure out how to delete. Any ideas?




