Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, March 20, 2019 2:06 PM
Need to renew a server authentication certificate using our Enterprise CA.
When I right click on the expired certificate I get 2 options - Renew certificate with current key OR Renew certificate with new key.
Which one should I select. And will be the behavior after that.
Will I see pending request on CA after that and I have to just approve it and then will the certificate be issued?
Or do I need o manually install the certificate on the server by importing it?
All replies (3)
Thursday, March 21, 2019 2:27 AM
Hi,
If you are at the end of the validity period for your CA certificate, you should renew with a new key. Your client certificates will all have expiration dates that coincide with your CA expiration as they can not be valid beyond the CAs own validity period. So regardless of using a new or same key, all of your client certificates will need to be renewed. This is one reason why its important to renew your CA certificates ahead of time.
Please refer to the link below:
Renew a Certificate
/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730605(v=ws.11)
Best regards,
Travis
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Thursday, March 21, 2019 7:43 AM
Hi M_C_7,
As Travis pointed out, it's more secure to renew the certificate with a new key. If it's only used for authentication and/or encryption of data in transit, there's no reason not to. The only thing that you should read up on if you have that is when the certificate is used to encrypt data at rest, using a new keypair might make the data inaccessible if not done correctly.
Kind Regards,
Friday, March 22, 2019 6:04 AM
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Travis
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]