Windows PKI - Renew/Replace SubCA cert

shockoQA-1 61 Reputation points
2022-07-11T22:40:00.21+00:00

I have a lab offline RootCA and online Enterprise issuing/Sub CA both running Windows 2016 core. My Sub CA cert expired months ago but I cannot figure out the process to renew or replace it from the CLI in windows core. Can anyone offer guidance?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,681 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Maikol AD 1 Reputation point Microsoft Employee
    2022-07-12T03:43:50.357+00:00

    hello,

    you can renew it by using certutil commands: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

    for example: certutil [options] -renewcert [reusekeys] [Machine\ParentCAName]

    or if you have another CA gui version, you can connect remotely using certsrv.msc or add just the role and connect.

    0 comments No comments