This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 61%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
I need to renew our NDES Server certificate and also its PKI certificate on it. These are not yet expired. They will expire in July. The goal is to renew for 10 years.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Mike Paranich, Thanks for posting in Q&A. To renewal of "Enrollment Agent" certificate used by NDES, you can try the steps in the following link:
To renew NDES server certificate, you can go to the computer certificate store console in MM on NDES server, find the certificate, right click it to renew it.
Meanwhile, for the certificate valid period, it depends on the "validity period" configured on the certificate template. You can check to see if the "validity period" is 10 years.
Based on my checking the two specific templates – CEP Encryption and Exchange Enrollment Agent (Offline request). Both templates are V1 templates and therefore cannot be modified. The "validity period" is 2 years by default. However, as they may not meet your requirements, you can enroll new certificates based on customized templates and clean out the certificates installed during installation. Here is a link with more details for your reference.
Hope the above information can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
@Mike Paranich, Hope the above information can help. if there is anything else we can help, feel free to let us know.
Hi this is very helpful to a point, but I have been trying to find something with details and pictures and a full step by step for both cert types as I need to have this done before July 2024.
@Mike Paranich, Thanks for the reply. To duplicate the certificate template. You can follow the steps below: