Windows PKI - Renew/Replace SubCA cert

shockoQA-1 61 Reputation points

I have a lab offline RootCA and online Enterprise issuing/Sub CA both running Windows 2016 core. My Sub CA cert expired months ago but I cannot figure out the process to renew or replace it from the CLI in windows core. Can anyone offer guidance?

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,681 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Maikol AD 1 Reputation point Microsoft Employee


    you can renew it by using certutil commands:

    for example: certutil [options] -renewcert [reusekeys] [Machine\ParentCAName]

    or if you have another CA gui version, you can connect remotely using certsrv.msc or add just the role and connect.

    0 comments No comments