Change the Certificate Validity Period From Default of One Year

• Microsoft Internet Information Server version 4.0

SUMMARY

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).


Microsoft Certificate Server 1.0

By default, certificates issued by Microsoft Certificate Server 1.0 are valid for one year. You can modify the registry values under the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<YourCAName> 

1. ValidityPeriod REG_SZ "Years" (Must be plural!)
2. ValidityPeriodUnits REG_DWORD 0x1
3. Set ValidityPeriodUnits to an integer value, from 1-5. Stop, and then restart, the Certificate Server service.
4. The validity period of a root Microsoft Certificate Server CA certificate is five years for Certificate Server 1.0.
5. The validity period of a non-root Microsoft Certificate Server CA certificate is controlled by the issuing Certificate Authority.
6. Certificates issued by your Certificate Server will expire no later than the same time when your CA Certificate expires.
   
   For example, if there are only two years left on your CA Certificate, issued certificates will be valid for no more than two years, even if you set the registry to issue five year certificates.

Additional query words: Expiry Validity Period

Keywords : kbIIS kbiis400
Version : winnt:4.0
Platform : winnt
Issue type : kbhowto