No announcement yet.

Server 2003 CA Cert Renewal Questions

  • Filter
  • Time
  • Show
Clear All
new posts

  • Server 2003 CA Cert Renewal Questions

    I am running a server 2003 environment with a root CA that is kept offline 99% of the time; it is only powered on to create new CA certificates for its subordinate, which issues the certificates to end users for wireless access. I've gone through the process of obtaining a new CA cert from the root CA that will be valid for another 3 years. What will be the effects of installing the new certificate on the subordinate CA? I've read on microsoft's website that clients with the old certificate will be able to use it until it expires in a few months, and clients requesting a new certificate will use the new cert that won't expire for years.
    I want to make sure it's a seamless rollover for every client. What will happen once the old client certs expire? Will they get the new cert, or will it be automatically supported, since it's the same CA chain?

    Autoenrollment is not currently enabled. Will every client have to request a new certificate through the host\certsrv site once I install it on the CA, or is there an option to have the new cert pushed out / renewed for each client?