Question : Microsoft certificate service validity period and expiration date confusion

A while ago I created a self-signed certificate on a Windows 2003 Standard Edition server, valid for 100 years. The server that was used to create the certificate was destroyed, but the certificate is still valid and still in use.

I have a project in which I will have to create other certificates, but there seems to be a limitation with standard Windows 2003 and I cannot understand how I managed to create the 100-year certificate.

I am confused about this Microsoft article

As per Microsoft Article ID: 254632 it says:

The validity period that is defined in the registry affects all certificates that are issued by Stand-alone and Enterprise CAs. For Enterprise CAs, the default registry setting is two years. For Stand-alone CAs, the default registry setting is one year. For certificates that are issued by Stand-alone CAs, the validity period is determined by the registry entry that is described later in this article. This value applies to all certificates that are issued by the CA.

For certificates that are issued by Enterprise CAs, the validity period is defined in the template that is used to create the certificate. Windows 2000 and Windows Server 2003 Standard Edition do not support modification of these templates. Windows Server 2003 Enterprise Edition supports Version 2 certificate templates that can be modified. The validity period defined in the template applies to all certificates issued by any Enterprise CA in the Active Directory forest. A certificate that is issued by a CA is valid for the minimum of the following periods of time:

- The registry validity period that is noted earlier in this article. This applies to the stand-alone CA, and Subordinate CA certificates issued by the Enterprise CA.
- The template validity period.

Seems like I need a Microsoft Enterprise edition to modify the validity date, but I did not have one when creating my 100-year certificate.

There must be something that I am missing.

Answer : Microsoft certificate service validity period and expiration date confusion

Templates are just that - predefined settings or a group of settings options (like you can select 1024 or 2048 bit key length, but not 512) for issuing certificates. It will define what key usages to apply, the validity period of the issued cert, and so forth. Normally these would be used for issuing certs to the end user or computer, not for CA servers.

In your case you would want to use the registry settings and renew.
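
The registry route the answer points to, as an added example that is not part of the original answer or of the Microsoft article. It assumes a stand-alone CA and an elevated command prompt on the CA server; the unit "Years" and the value 5 are illustrative only.

```bat
@echo off
rem Added example. Run in an elevated command prompt on the CA server.
rem "ca\" resolves to the active CA's key under
rem HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA name>.

rem 1. Show the current cap applied to certificates this CA issues.
certutil -getreg ca\ValidityPeriod
certutil -getreg ca\ValidityPeriodUnits

rem 2. Change the cap. "Years" and 5 are illustrative values (assumption).
certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits 5

rem 3. Certificate Services reads these values at startup, so restart it.
net stop certsvc
net start certsvc

rem 4. Confirm the new value is in place.
certutil -getreg ca\ValidityPeriod
certutil -getreg ca\ValidityPeriodUnits
```

The new cap applies only to certificates issued after the restart, and an issued certificate still cannot outlive the CA's own certificate.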