1. Open the Certification Authority management console if it??™s not already open.
2. Right-click your CA server instance, select All Tasks, and then select Renew CA
Certificate.
Figure 12-18. Entering a password to secure the private key and CA certificate
424 Microsoft Windows Server 2008 Administration
3. Since you cannot renew your CA certificate while AD Certificate Services is
running, you will be prompted to close AD Certificate Services. Click Yes.
4. Select No when asked to create a new signing key (Figure 12-19), and then
click OK. You would select Yes if you wanted to generate a new signing key in
addition to a new certificate.
5. A new certificate will be generated and AD Certificate Services will be started.
6. To verify that a new certificate has been created, right-click the CA server and
choose Properties. On the General tab, a new CA certificate will be visible in
addition to the previous CA certificate. Its expiration date will be equal in
length to the previous certificate, so if the old certificate was valid for five
years, for example, the new certificate will also be valid five years from when it
was issued.
Figure 12-19. Renewing a CA certificate
425 Chapter 12: Enterprise Public Key Infrastructure
ISSUING CERTIFICATES
An Enterprise CA can issue certificates using a number of different methods. Users can
request certificates directly using the Certificates MMC snap-in from a computer that is
joined to the domain.
Pages:
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455