Change the Certificate Validity Period From Default of One Year
ID: Q239539
|
The information in this article applies to:
-
Microsoft Internet Information Server version 4.0
SUMMARY
WARNING: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall your operating system. Microsoft cannot
guarantee that problems resulting from the incorrect use of Registry Editor
can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys and
Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete
Information in the Registry" and "Edit Registry Data" Help topics in
Regedt32.exe. Note that you should back up the registry before you edit it.
If you are running Windows NT, you should also update your Emergency
Repair Disk (ERD).
Microsoft Certificate Server 1.0
By default, certificates issued by Microsoft Certificate Server 1.0 are valid for one year. You can modify the registry values under the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<YourCAName>
Default values:
- ValidityPeriod REG_SZ "Years" (Must be plural!)
- ValidityPeriodUnits REG_DWORD 0x1
- Set ValidityPeriodUnits to an integer value, from 1-5. Stop, and then restart, the Certificate Server service.
- The validity period of a root Microsoft Certificate Server CA certificate is five years for Certificate Server 1.0.
- The validity period of a non-root Microsoft Certificate Server CA certificate is controlled by the issuing Certificate Authority.
- Certificates issued by your Certificate Server will expire no later than the same time when your CA Certificate expires.
For example, if there are only two years left on your CA Certificate, issued certificates will be valid for no more than two years, even if you set the registry to issue five year certificates.
Additional query words:
Expiry Validity Period
Keywords : kbIIS kbiis400
Version : winnt:4.0
Platform : winnt
Issue type : kbhowto