Delen via


Renew a Certificate

Applies To: Windows Server 2008

Every certificate has a validity period. After the end of the validity period, the certificate is no longer considered an acceptable or usable credential. The Certificates snap-in enables you to renew a certificate issued from a Windows enterprise certification authority (CA) before or after the end of its validity period by using the Certificate Renewal Wizard.

Renewing certificates

You can either renew the certificate with the same key set you used before, or you can renew a certificate with a new key set. This decision can be based on a number of factors, including the life of the certificate, the length of the existing or future key, the value of the data protected by the key pair, and the likelihood or unlikelihood that a private key has been obtained by a hostile user.

Before you renew a certificate, you need to know:

  • The issuing certification authority.

  • (Optional) If you want a new public key and private key pair for the certificate, the cryptographic service provider (CSP) that should be used to generate the key pair.

Windows provides an expiration notification to let you know that specific user or computer certificates have expired or are about to expire. In most cases, autoenrollment will automatically renew these certificates the next time you are connected to the network and log onto the computer.

The following topics contain procedures to use for renewing certificates:

In addition, you can renew certificates issued from both Windows enterprise CAs and Windows stand-alone CAs with the Certificate Services Web pages by pasting in the contents of a PKCS #7 file. For more information, see the following topic:

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can be managed only by an administrator or a user who has been given the appropriate permissions.