No option to "Renew CA certificate" under "All Tasks" when I right click my Certificate Authority server

Mario 21 Reputation points
2021-03-03T12:02:32.613+00:00

We have a Root CA that's going to expire soon but I don't have the option to renew it when I go to All Tasks.

The environment we are using is Windows Server DataCenter 2016 Core. Please keep in mind that our Certificate Server is Server Core which means I don't have a GUI which is another issue because all tutorials online state the solution in GUI mode!!!!

I Looked up countless tutorials which all say "in GUI Windows Server, right click your CA and select "All Tasks" and then select "Renew Certificate CA" but I can't see that anywhere.

Please help!!

Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} votes

Accepted answer
  1. Anonymous
    2021-03-04T00:16:20.61+00:00

    Hi,
    Based on my understanding , on a server core, not only the CA ,there is no GUI for other roles either.
    To renew the CA certificate, we need to use the command :

    Command:Certutil -renewCert ReuseKeys renews the CA with the existing key pair
    Command:Certutil -renewCert renews the CA with a new key pair

    More information for your reference:
    https://learn.microsoft.com/en-us/windows/win32/seccrypto/certification-authority-renewal
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)?redirectedfrom=MSDN

    Best Regards,

    3 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.