How to extend date of SCOM certificate issued by Stand Alone CA


We found the way how to change expiration date of SCOM certificate issued by Stand Alone CA.

Be aware:

Expiration date on already issued certificates can not be
changed.

Only certificates issued after this Stand Alone CA registry
tuning will be affected.

 Before issuing SCOM certificate, we need to do some registry changes on Stand Alone CA.

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate, and then click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>
4. In the right pane, double-click ValidityPeriod.
5. In the Value data box, type one of the following, and then click OK:
  Days
  Weeks
  Months
  Years

6. In the right pane, double-click ValidityPeriodUnits.
7. In the Value data box, type the numeric value that you want, and then click OK. For example, type 2.
8. Stop, and then restart the Certificate Services service. To do so:
a. Click Start, and then click Run.
b. In the Open box, type cmd, and then click OK.
c. At the command prompt, type the following lines. Press ENTER after each line.
net stop certsvc
net start certsvc

d. Type exit to quit Command Prompt.

Tested on Windows Server 2003/2008/2008R2 CA.

 

Aplicable Windows Server 2003/2008/2008R2, 2012 - ?

Comments (0)

Skip to main content