Friday, June 27, 2014

MS CA Certificate Renewal Process

 
Certificate Renewal Process
Renew standalone root CA
1.       Log on to the root CA and open the Certification Authority console;
 

2.       Right-click the CA name and select All Tasks -> Renew CA Certificate. Click Yes when asked whether to stop Certificate Services;
 
3.       Select No on the question “Do you want to generate a new public and private key pair?”, and then click OK;
 
4.       Copy the .cer and .crl files from C:\Windows\System32\CertSrv\CertEnroll to the same location on the Enterprise CA server, and then run certutil.exe -f -dspublish .cer RootCA and certutil.exe -f -dspublish .crl.
 
 
 
Renew Enterprise CA
1.       Log on to the Enterprise CA server. If the root CA certificate has been renewed, run gpupdate /force to make sure the new root CA certificate is installed;
2.       Open the Certification Authority console on the Enterprise CA server. Right-click the CA name and select All Tasks -> Renew CA Certificate;
 
3.       Select No on the question “Do you want to generate a new public and private key pair?”, and then click OK;
 
4.       Click Cancel on the certificate request screen;
 
5.       Copy the certificate request (req) file from c:\ to the standalone root CA. Open the Certification Authority console on the root CA, right-click the CA name, and select All Tasks -> Submit new request. Select the request file;
 
6.       Go to Pending Requests, right-click the requested certificate, and select All Tasks -> Issue;
 
7.       Select the certificate that was just issued under Issued Certificates. Double-click the entry, go to the Details tab and click Copy to File. Accept all defaults in the Export Wizard and save the file as *.cer;
 
 
8.       Copy the .cer file to the Enterprise CA server. Stop the certificate service, select All Tasks -> Install CA Certificate, and provide the path and file name of the .cer file copied from the standalone root CA;
 
9.       Start the certificate service on the Enterprise CA server.
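
A check to run once the renewal is complete, as an added example that is not part of the original post: it compares the old and renewed CA certificates to confirm that answering No in step 3 kept the existing key pair and that the validity period moved forward. The function names Compare-CaRenewal and New-SampleCert, the sample certificates and the file paths are assumptions made for this example, and it needs PowerShell running on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: compares a CA certificate before and after renewal.
function Compare-CaRenewal {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Old,
        [Parameter(Mandatory)] [X509Certificate2] $Renewed
    )
    # Encode the public keys so they can be compared as strings.
    $oldKey = [Convert]::ToBase64String($Old.GetPublicKey())
    $newKey = [Convert]::ToBase64String($Renewed.GetPublicKey())
    [pscustomobject]@{
        SameSubject      = $Old.Subject -eq $Renewed.Subject
        SameKeyPair      = $oldKey -eq $newKey
        ValidityExtended = $Renewed.NotAfter -gt $Old.NotAfter
        OldNotAfter      = $Old.NotAfter
        NewNotAfter      = $Renewed.NotAfter
    }
}

# Constructed sample input: throwaway self-signed certificates that stand in
# for real CA certificates so the check can be tried offline.
function New-SampleCert([RSA] $Key, [int] $Days) {
    $hash = [HashAlgorithmName]::SHA256
    $pad  = [RSASignaturePadding]::Pkcs1
    $req  = [CertificateRequest]::new('CN=Constructed Sample CA', $Key, $hash, $pad)
    $now  = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays($Days))
}

$key     = [RSA]::Create(2048)
$old     = New-SampleCert $key 30
$renewed = New-SampleCert $key 3650                    # same key pair, later expiry
$rekeyed = New-SampleCert ([RSA]::Create(2048)) 3650   # new key pair, for contrast

Compare-CaRenewal -Old $old -Renewed $renewed
Compare-CaRenewal -Old $old -Renewed $rekeyed

# Against exported certificates (placeholder paths, not from the original post):
# $a = [X509Certificate2]::new('C:\path\to\old-ca.cer')
# $b = [X509Certificate2]::new('C:\path\to\renewed-ca.cer')
# Compare-CaRenewal -Old $a -Renewed $b
```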
 
 

 

 






