Roman

Asked: 2022-03-17 14:40:09 +0800 CST2022-03-17 14:40:09 +0800 CST 2022-03-17 14:40:09 +0800 CST

How to set the lifetime of a CA certificate?

I'm trying to install a subordinate CA with Microsoft ADCS and when I do, it creates a .req file. Then I use that at the root CA to issue a certificate. The resulting certificate is always for 5 years. I want it to be 10. I have tried setting ValidityPeriod=Years and ValidityPeriodUnits=10 in the CAPolicy.inf file on the subordinate CA. And I have tried various other things, but nothing seems to make any difference. The installation command I'm using is:

Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA -CACommonName "IssuingCA" -KeyLength 2048 -HashAlgorithm SHA256 -CryptoProviderName "RSA#Microsoft Software Key Storage Provider"

I uninstalled and tried to reinstall with -ValidityPeriod years -ValidityPeriodUnits 10 in the command, but got an error: Install-AdcsCertificationAuthority : Property cannot be modified in current state of object. Current CA Type does not allow this property to be modified. Two or more parameter values specified for a resource's properties are in conflict. 0x80071709 (WIN32: 5897 ERROR_CLUSTER_PARAMETER_MISMATCH)

Does anyone else know how to do this?

How to set the lifetime of a CA certificate?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

How to set the lifetime of a CA certificate?

0 Answers