Certificate Root CA is expiring
I installed a stand-alone root CA in October 2003 on a Windows 2000 server. It authenticates machines connecting to an L2TP/IPsec Windows 2000 server. I have also issued a few certificates for websites using SSL.
Technicians use the web enrollment tool to make requests from the PCs and deploy certificates. We have grown to 500 machines right now.
The CA root certificate will expire in October 2009, and it is impossible to have technicians go around and update 500 PC certificates by the time October comes around.
I want to move to a new certificate server using a Windows 2003 enterprise CA that can automatically enroll computer certificates.
The other issue is that our domain consists of Windows 2000 DCs (10 of them across the country).
There is no budget to upgrade these machines in 2009. We must wait until 2010.
Does anyone have a working strategy I can follow?
Is there a benefit to using W2K8 Certificate Services on W2K3 R2?
If I renew the current certificate server's CA certificate, are the certificates it issued still valid?
can offer.
An issuing CA will never issue a certificate valid beyond the expiry date of its own CA certificate: if the CA certificate has 6 months to run and the CA is configured to issue certificates valid for 12 months, it will issue a 6-month certificate.
Likewise, an issuing CA cannot have a CA certificate valid for longer than the root CA's CA certificate.
So the certificates will expire in October: you should be able to confirm this by checking the issued certificates.
Windows 2000 AD had a mechanism to "auto" enrol certificates for computers in Group Policy ("Automatic Certificate Request Settings"), so you should be able to roll out replacement machine certificates. It does not work for user certificates.
I do not know if you can use the 2003/8 methods of autoenrollment with a 2000 AD: perhaps if the 2003 forestprep/domainprep updates are made, the appropriate Group Policy settings are configurable and effective, but do you want to be trying that now?
Paul
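The validity clamping described in the answer above, modelled as an added example (not part of the original thread and not Windows CA code). The CA expiry date, issue dates and machine names are constructed; the thread gives only "October 2009".

```python
from datetime import datetime, timedelta

# Constructed sample value: the thread states only "October 2009".
CA_NOT_AFTER = datetime(2009, 10, 15)

def effective_cap(chain_not_after):
    """Latest NotAfter any certificate under this chain can carry: the earliest
    expiry among the CA certificates above it (root first, issuing CA last)."""
    return min(chain_not_after)

def issue(now, requested_days, chain_not_after):
    """Return (not_after, truncated) for a certificate requested at `now`."""
    cap = effective_cap(chain_not_after)
    if now >= cap:
        raise ValueError("CA certificate has expired; nothing can be issued")
    wanted = now + timedelta(days=requested_days)
    # The CA shortens the lifetime instead of issuing past its own expiry.
    return (cap, True) if wanted > cap else (wanted, False)

def audit(issued, chain_not_after):
    """Names of issued certificates whose NotAfter equals the chain cap,
    i.e. the ones that all lapse together when the CA certificate does."""
    cap = effective_cap(chain_not_after)
    return [name for name, not_after in issued if not_after == cap]

def sample_inventory(chain):
    """Constructed inventory: three machines enrolled for 12 months each."""
    requests = [("pc-001", datetime(2008, 6, 1)),
                ("pc-002", datetime(2009, 4, 15)),
                ("pc-003", datetime(2009, 8, 1))]
    return [(name, issue(when, 365, chain)[0]) for name, when in requests]

if __name__ == "__main__":
    chain = [CA_NOT_AFTER]
    inventory = sample_inventory(chain)
    for name, not_after in inventory:
        print(name, "NotAfter", not_after.date())
    print("expire with the CA:", audit(inventory, chain))
```

Certificates issued within the last configured validity period before the CA expiry all end on the same day, which is why the replacement rollout has to be planned against the CA certificate's date and not the individual issue dates.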