Share via

How to renew certificate CA for one year?

Claudio Ferreira Da Silva 31 Reputation points
2024-07-28T21:44:21.5933333+00:00

Step by step how to renew a Certificate Authority for one year or more in Windows Server 2019.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,622 questions
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,223 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,441 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,664 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,035 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 18,570 Reputation points MVP
    2024-07-28T22:07:17.56+00:00

    Follow https://4sysops.com/archives/renew-windows-root-ca-certificate/

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments
  2. Yanhong Liu 5,305 Reputation points Microsoft Vendor
    2024-07-29T09:41:47.0233333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    In Windows Server 2019, renewing a Certificate Authority (CA) certificate is an important maintenance task. Renewing a CA certificate ensures the trust and security of the certificate chain. Here are the detailed steps to renew your CA certificate, which can be renewed for a year or more.

    Step 1: Back up the current CA configuration and certificates

    Before renewing a CA certificate, it is recommended to back up the current CA configuration and certificates.

    1. Open the Certificate Authorities console.
    2. Right-click the CA name and select "All Tasks" -> "Backup CA".
    3. Follow the wizard to complete the backup and make sure to back up the CA certificate and key.

    Step 2: Renew the CA certificate

    1. Open the Certificate Authorities console.
    2. Right-click on the CA name and select "All Tasks" -> "Renew CA Certificate".
    3. Select "Renew certificate with existing key" and click "Next".
    4. Specify a new validity period (e.g. one year or more) and click "Next".
    5. Follow the wizard to complete the renewal process.

    Step 3: Confirm that the CA certificate has been successfully renewed

    1. Open the Certificate Authorities console.
    2. Right-click the CA name and select Properties.
    3. In the General tab, check the "Validity Period" and "Validity Period" to confirm that the certificate was successfully renewed.

    Step 4: Publish a new CRL (Certificate Revocation List)

    1. Open the Certificate Authorities console.
    2. Right-click on "Issued Certificates" - > "All Tasks" - > "Publish".
    3. Select "New Certificate Revocation List (CRL)" and click "OK".

    Step 5: Update the CA certificate template (optional)

    If there are specific needs, the CA certificate template may need to be updated to reflect the new expiration date.

    1. Open the Certificate Templates console.
    2. Select the certificate template that needs to be updated, right-click and select Properties.
    3. In the Expiration dates tab, adjust the expiration date settings.
    4. Republish the updated template to the CA.

    Example: Command Line to Renew a CA Certificate (Using Certutil)

    You can use the command-line tool certutil to renew the CA certificate. Here's an example command:

    cmdCopy codecertutil -renewCert <CAName> <ValidityPeriod>

    • <CAName>: The name of the CA.

    • <ValidityPeriod>: Expiration date, e.g. 365 for one year.

    Backup: Before any operation, make sure you have backed up your CA configuration and certificates in case anything goes wrong.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.