CA is issuing Certificates only for three years

Below is the issue faced by one my client last week that they are not able to provide the certificates with more than 5 years validity even though certificate template is issued with 5 Years.

1

 

Above Template shows that certificate Validity period 5 Years but when it is issues the certificate provides the certificate validity only for 3 years.

2

3

When we run the Certutil command

certutil -getreg ca\validityperiodunits

4

 

There is a problem. it is allowed only for three years in the registry level. Hence  run the below commands to set it to 5 years.s Before running the commands ensure backup has been sucessfully taken both CA and Registry.

certutil-setreg ca\ValidityPeriodUnits 5

5

Restart the CA services by running below commands

net stop certsvc

net start certsvc

6

Now you will see the certificates are getting issued with 5 Years without any issues.

Author Bio

Radhakrishnan Govindan

Leave a Reply

Your email address will not be published. Required fields are marked *