Are you using a single-tier CA, or a two-tier CA, or perhaps even a
three-tier CA?

We have a two-tier CA, and this is the procedure I worked out:

The root certificate doesn’t expire until 2016, but the CRL expires
every 180 days.

o- Fire up the root CA - we use a 2008 R2 VM that's not joined to the domain
o- Log in with the local Administrator account
o- Start a command prompt (run as administrator)
o- cd to c:\windows\system32\certsrv\certenroll
o- issue the command "certutil -crl" (or use the GUI, as per
http://technet.microsoft.com/en-us/library/cc778151%28v=ws.10%29.aspx)
o- verify that the date on the CRL file in your current directory has
the current date/time
o- map a drive to C$ (say, X:) on the issuing CA using your DA credentials
o- copy the above CRL file to X:\windows\system32\certsrv\certenroll
o- shut down the root CA
o- log into the issuing CA with your DA credentials
o- issue the command "certutil -crl" (or use the GUI, as per
http://technet.microsoft.com/en-us/library/cc778151%28v=ws.10%29.aspx)

Set a reminder for 170 days - which gives you 10 days' notice to renew.

HTH,

Kurt

On Thu, Aug 15, 2013 at 7:50 AM, Tammy George <[email protected]> wrote:
> Hi all.
>
>
>
> Our Certificate server was setup by someone who is no longer here.  The CA
> is due to expire so we’re looking at renewing it.  I’ve found docs on
> renewing the CA (http://technet.microsoft.com/en-us/library/cc962077.aspx)
> which seem pretty straightforward.  What I’m wondering is – when I renew
> this CA (ABC-CA), will the various certificates listed under ‘Certificates’
> in the MMC also be renewed (i.e. the ones that are issued by ABC-CA)?
>
>
>
> Also, users’ issued certificates are due to expire on August 26 at 3pm.
> What will happen from a user’s perspective?
>
>
>
> Thanks much!
>
> - Tammy
>
>
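
The calendar reminder in the reply above can be backed by a check that reads each CRL's own NextUpdate field and flags files inside the 10-day window. This is an added example, not part of the original thread; the script, its parameter names and defaults are assumptions, and it assumes English `certutil` output.

```powershell
# Added example, not part of the original message.
# Assumptions: English certutil output, the default CertEnroll folder,
# and a 10-day warning window (both parameters are adjustable).
param(
    [string]$CrlFolder = "$env:windir\System32\CertSrv\CertEnroll",
    [int]$WarnDays = 10
)

function Get-CrlNextUpdate {
    param([string]$Path)
    # "certutil -dump" decodes the CRL and prints a "NextUpdate:" line.
    $dump = & certutil.exe -dump $Path 2>&1
    if ($LASTEXITCODE -ne 0) { throw "certutil could not read $Path" }
    foreach ($line in $dump) {
        if ("$line" -match '^\s*NextUpdate:\s*(.+?)\s*$') {
            # certutil prints the date in the current locale's format.
            return [datetime]::Parse($Matches[1])
        }
    }
    throw "No NextUpdate field found in $Path"
}

$now = Get-Date
$due = 0
foreach ($file in (Get-ChildItem -Path $CrlFolder -Filter *.crl)) {
    $next = Get-CrlNextUpdate -Path $file.FullName
    $daysLeft = [math]::Floor(($next - $now).TotalDays)
    if ($daysLeft -lt 0) { $state = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays) { $state = 'RENEW NOW' }
    else { $state = 'ok' }
    if ($state -ne 'ok') { $due++ }
    # One line per CRL: state, days remaining, NextUpdate (local time), file name.
    "{0,-10} {1,5} days  NextUpdate {2:yyyy-MM-dd HH:mm}  {3}" -f `
        $state, $daysLeft, $next, $file.Name
}

# A non-zero exit code lets a scheduled task or monitoring agent raise the alert.
if ($due -gt 0) { exit 1 }
```

Run on the issuing CA, this covers both the issuing CA's CRL and the root CRL copied into the same folder by the procedure above.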

