How to Extend the Certificate Expiration period in Operations Manager 2007
By default when we request a certificate in System Center Operations Manager 2007, the validity period is 1 year. When the certificate is about to expire you will receive a warning message on the RMS stating that the certificate on the RMS server is due to expire. To avoid and to extend the certificated expiration date you can perform the following steps:
1) Create a new text file named CApolicy.inf and copy the lines below into it. Once you save the file, copy it to the C:\Windows directory of the CA.
[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=15
[CRLDistributionPoint]
[AuthorityInformationAccess]
2) On the line above there is a field called ‘RenewalValidityPeriodUnits’. This is used for the validity period. In this example, we are using the validity as 15 years. You can choose a value according to your needs.
3) Edit the following registry value to 15 (matching the value used above):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\ValidityPeriodUnits
4) Go to the Certificate Authority and highlight the server name.
5) Right click and go to All Tasks.
6) At the bottom is the option to renew the CA certificate. This will ask you to stop the Certificate Services. Select Yes.
7) This brings up a dialog box with the option to generate a new public and private key. Select Yes. It will now start the Certificate Services and your CA certificate will be renewed.
8) Go to start, run and type in MMC. Go to the console and highlight Add/Remove Snap-in.
9) Click on the add button, then choose the Certificates snap-in. Add the snap-in for the Computer Account, hit the next button and select the local computer and hit finish.
10) You should now have the console open for the certificates for the local computer. Expand the personal certificates which will tell you the extended expiration date of the certificate. Now whenever you request a new certificate it will be valid for the period you specified above.
For more information see Installing and configuring a certification authority.
Vikram Sahay
Comments
Anonymous
September 05, 2011
Hi, There are a few questions i would like to ask, Do we perform step 1 on the CA ? Also I am unable to find the exact path of the CA installation. Can you give me a sample path that is applicable in your case . Thanks, DhanrajAnonymous
December 03, 2015
The comment has been removedAnonymous
January 30, 2016
Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
http://www.movieboxapkdownload.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
http://www.aptoideapkdownload.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble.
http://www.vidmatedownloadapk.com/
Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
http://www.shareitforpccdownload.com/
http://www.shareitforpccdownload.com/shareit-for-pc-windows-10-8-1-7-mac-free-download/
SHAREit for PC lets you transfer files between devices like phones, tablets and computers. With the wide area of sharing compatibility, sharing across anything is easy now. This is the best and the fastest alternative for USB sharing.