I need to renew our NDES Server certificate and also its PKI certificate on it

Mike Paranich 0 Reputation points
2024-03-15T15:43:05.76+00:00

I need to renew our NDES Server certificate and also its PKI certificate on it. These are not yet expired. They will expire in July. The goal is to renew for 10 years.

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
419 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,899 questions
Microsoft Intune Application management
Microsoft Intune Application management
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Application management: The process of creating, configuring, managing, and monitoring applications.
942 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,366 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,085 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Crystal-MSFT 48,766 Reputation points Microsoft Vendor
    2024-03-18T01:48:10.1633333+00:00

    @Mike Paranich, Thanks for posting in Q&A. To renewal of "Enrollment Agent" certificate used by NDES, you can try the steps in the following link:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/certificates-and-public-key-infrastructure-pki/renewal-of-enrollment-agent-certificate-fail#resolution

    To renew NDES server certificate, you can go to the computer certificate store console in MM on NDES server, find the certificate, right click it to renew it.

    Meanwhile, for the certificate valid period, it depends on the "validity period" configured on the certificate template. You can check to see if the "validity period" is 10 years.

    Based on my checking the two specific templates – CEP Encryption and Exchange Enrollment Agent (Offline request). Both templates are V1 templates and therefore cannot be modified. The "validity period" is 2 years by default. However, as they may not meet your requirements, you can enroll new certificates based on customized templates and clean out the certificates installed during installation. Here is a link with more details for your reference.

    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ndes-security-best-practices/ba-p/2832619

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.