This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have a lab offline RootCA and online Enterprise issuing/Sub CA both running Windows 2016 core. My Sub CA cert expired months ago but I cannot figure out the process to renew or replace it from the CLI in windows core. Can anyone offer guidance?
why you would renew expired CA? BTW, you cannot renew expired CA, you will have to rebuild the CA from scratch.
That's a fair point. perhaps I used the term 'renew' incorrectly. Is it not possible to avoid rebuilding the CA and issue it a new certificate form the root ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 98%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
hello,
you can renew it by using certutil commands: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
for example: certutil [options] -renewcert [reusekeys] [Machine\ParentCAName]
or if you have another CA gui version, you can connect remotely using certsrv.msc or add just the role and connect.