How do I change the CN of my CA?

Question

Hello,

I have a server that was installed with the certification authority role and during this installation, the registered CN was: CA-ROOT-CA.

A certificate has been created:

CA-ROOT-CA.crt

CA-ROOT-CA.crl and CA-ROOT-CA+.crl for the revocation list

When I open the certificate authority service, the server name appears as SRV1, which is different from the CN:CA-ROOT-CA that was generated and configured.

In the root folder I have two CA-ROOT-CA.crt certificates with the two .crl certificates and srv1.crt and two .crl certificates.

The problem is that the CDP location points to the CA-ROOT-CA.crl and has expired and when I try to publish a new CRL, it's a CRL with SRV1.crl.

Do I have to renew my CA certificate?

Is it possible to redo a CRL with the CA-ROOT-VA certificate?

Have a nice day.

Answer 1

Hello

It sounds like you have a complex situation with your certification authority server. If the CDP location points to an expired CRL, you may need to renew the CA certificate and publish a new CRL. It is possible to redo a CRL with the CA-ROOT-VA certificate, but the process can be complex and may require some troubleshooting. I would recommend consulting with a professional or referring to the Microsoft documentation for more detailed instructions on how to renew your CA certificate and publish a new CRL.

https://social.technet.microsoft.com/wiki/contents/articles/2016.root-ca-certificate-renewal.aspx

https://www.risual.com/2014/05/renew-issuingsubordinate-ca-certificate/

Answer 2

What I understand is that during installation of the Certificate Authority role, in the CA NAME section, specify the name of the CA > common name for this CA: CA-ROOT-CA.

I think the problem is related to the creation of the .crt certificate after the role has been installed.

If I create a new CA certificate, do I lose all the certificates already created for the other servers?