window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-108815698-1');

Renew Issuing/Subordinate CA Certificate

By |2017-12-08T15:11:53+00:00May 13th, 2014|Azure, Cloud, Windows|0 Comments

 

Had a customer recently who needed to renew their issuing CA certificate as it was due to expire , I’ve just wrote up some simple steps you can do to renew this certificate as there a few TechNet articles around this subject and they’re not totally clear on the process to do this.

Steps to Renew if Root CA is online

  • Log onto your Issuing CA and open the Certificate Authority MMC
  • Right click on your Issuing CA > All Tasks > Renew CA Certificate
  • Press Yes to Stop AD Certificate Services
  • Press No to Generate a new Public/Private Pair
  • Make Sure the Computer Name is the FQDN of your Issuing CA and select your Root CA as your Parent CA
  • Press Ok

  • Now go to your Root Ca and open the Certificate Authority MMC
  • Select pending requests and issue the Certificate renewal we requested earlier
  • Now go to issued certificates
  • Double click the certificate you have just issued and go the details tab
  • Select copy to file
  • Export the certificate as CER file and copy the certificate over to the Issuing CA
  • Now go back to your Issuing CA , Right click your CA > All Tasks > Install CA Certificate
  • Press Yes to Stop AD Certificate Services
  • Change the File Extension from P7B to CER and select your Certificate File

  • Press open and your Issuing Ca Cert should be renewed J

 

Steps to Renew if Root CA is offline

  • Log onto your Issuing CA and open the Certificate Authority MMC
  • Right click on your Issuing CA > All Tasks > Renew CA Certificate
  • Press Yes to Stop AD Certificate Services
  • Press No to Generate a new Public/Private Pair
  • Make Sure the Computer Name is the FQDN of your Issuing CA and select your Root CA as your Parent CA
  • Press Cancel

  • On the C drive now you should have a REQ file , copy this to your Root CA
  • Now go to your Root Ca and open the Certificate Authority MMC
  • Right Click you Root CA > All Tasks > Submit New Request
  • Select the REQ file we have just copied onto the Root CA and select OK
  • Now go to pending requests and issue the Certificate we just requested
  • Now go to issued certificates
  • Double click the certificate you have just issued and go the details tab
  • Select copy to file
  • Export the certificate as CER file and copy the certificate over to the Issuing CA
  • Now go back to your Issuing CA , Right click your CA > All Tasks > Install CA Certificate
  • Press Yes to Stop AD Certificate Services
  • Change the File Extension from P7B to CER and select your Certificate File

  • Press open and your Issuing Ca Cert should be renewed J

 

 

Leave A Comment

like what you see? 

Sign-up to our newsletter and never miss out on the latest blogs, events and tech news from the world of risual
SUBSCRIBE!
Give it a try, you can unsubscribe anytime.
I consent to this website use of cookies and third party services. Accept