Sometimes admins have problem to prolong Validity of Root Certification Authority when proceed recommendation by Microsoft post at “Renew a root certification authority” . Then they see “Validity” of new created certificate with the same expiration date as previous. And how resolve this problem?
Just create file “CAPolicy.inf” in the path %SystemRoot% as it’s described in post
[Version] Signature= "$Windows NT$" [Certsrv_Server] RenewalKeyLength=4096 RenewalValidityPeriod=Years RenewalValidityPeriodUnits=20 [CRLDistributionPoint] [AuthorityInformationAccess]