active-directory-adcswindows-server-2012
How can I set in ADCS the validity period for certificates which are issued by my sub-CA based on a Computer certificate template? Right now, my certificates are issued for one year only.
If I open the properties of the certificate template, it only shows some basic info and nothing can be changed.
I checked our farm yesterday and noticed that is Windows 2008... Yours is 2012. I'm sure there are big differences, but I hope my info helps.
Opening MMC -> Certificates -> Computer account I see 2 certificates in "personal/Certificates" folder:
The selfsigned shows an error in the details, has your certificate the same error?
To solve this error, just copy and paste the certificate from "personal/Certificates" subfolder to "Trusted Root Certification Authorities/Certificates". With that step the same certificate gives no error.
After that, there's only two places where you configure the certificate (in RDS Windows 2008) that I've found.
Our RemoteApp Manager shows:
The Digital Signature settings:
And in the 'RD Session Host Configuration, in the settings of the connection:
At the end, and if I remember correct, we solved it checking all options, the event viewer, making sure of no certificate errors, populating some local groups, giving them access by the Security Policy...
Good Luck.
---- Updated ----
Remember to import in the user profile, the Issuer CA or the certificate (if it's self signed) in the "Trusted Root Certification Authorities/Certificates" so the client didnt get any certificate error. This point was important in our system.
You can use certutil
certutil -installCert "<path to cert>"
Best Answer
A certificate is issued for the lower of either:
ValidityPeriodandValidityPeriodUnitregistry values, orAs the
Computertemplate is version 1 schema, you cannot change its validity. However, it's considered wiser to copy the template and use the copy for enrollments. When you copy, you can set additional values and the schema will be upgraded accordingly. That is, you'll end up with a version 2, 3, or 4 schema template. That's not a problem unless you're using a really old version of Windows.