Sometimes admins have a problem extend the validity of a Root Certification Authority when they follow Microsoft’s instructions in the post “Renew a root certification authority.” They then see that the Validity of the newly created certificate has the same expiration date as the previous one. So how do you resolve this problem?
Just create a file named “CAPolicy.inf” in the %SystemRoot% path, as described in the post.
[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
[CRLDistributionPoint]
[AuthorityInformationAccess]
Leave a Reply