Due to new corporate guidelines I need to update the root certificate of my CA so the key length is 4096 bits (currently 2048 bits).

My CA is AD integrated and currently running on our DC.

So now I am stuck at the point where I cannot find any information on whether a simple "reenrollment" of the template of this CA is possible.

I have already had a look at this Microsoft learning page, but it looks like there is not really an explanation of what I need to do.

Do I need to recreate the CA?

bjoster
  • The key length for issued certificates is normally specified in the configuration file when creating a request. The key length of the root CA is normally specified when setting up the CA. Sounds like you need to "renew"/re-create your root CA certificate with a 4096 bit key length. – Greg Askew Jun 29 '23 at 11:24
  • Hey, thanks for the feedback! It seems that not much information is available about my specific case. Yesterday I spent some time and got snapshots of my AD controllers, where I tested the scenario "recreate the CA", and it worked pretty well. – Bad Santa Jun 30 '23 at 04:44
  • So now I am going to schedule a maintenance window for the upcoming week, where the operation will be executed on the open heart ;D – Bad Santa Jun 30 '23 at 04:46

1 Answer

In case someone ever faces the same problem I faced, here is the solution without reinstalling the role.

This article especially helped me: https://www.scriptinghouse.com/2022/09/how-to-renew-root-certificate-of-microsoft-ca-with-a-longer-validity-period.html

I just created a new capolicy.inf with the increased key length and afterwards prolonged the certificate of my CA.

Kind regards, Bad Santa

  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 11 '23 at 16:08
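
The renewal described in the answer, sketched as an added example (not the poster's own script and not taken from the linked article): write a CAPolicy.inf that requests a 4096-bit renewal key, renew the CA certificate with a new key pair, then confirm the key size of the certificate the CA now uses. The validity period values and the temporary file name are assumptions; run it in an elevated session on the CA server after taking a CA backup.

```powershell
# Added example. Assumes an elevated Windows PowerShell session on the CA server.
$policy = Join-Path $env:SystemRoot 'CAPolicy.inf'

# Keep a copy of any existing policy file, since the next step overwrites it.
if (Test-Path $policy) { Copy-Item $policy "$policy.bak" -Force }

# RenewalKeyLength only takes effect when the renewal generates a new key pair.
# The validity values below are assumed; set them to your own policy.
@'
[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
'@ | Set-Content -Path $policy -Encoding Ascii

# Renew the CA certificate. Omitting "ReuseKeys" makes certutil create a new key pair.
certutil -renewCert
if ($LASTEXITCODE -ne 0) { throw "certutil -renewCert failed with exit code $LASTEXITCODE" }
Restart-Service -Name certsvc

# Export the CA's current certificate and read the RSA key size from it.
$out = Join-Path $env:TEMP 'ca-current.cer'   # assumed temporary file name
certutil -f -ca.cert $out | Out-Null
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $out
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

if ($null -eq $rsa) { throw 'The CA certificate does not carry an RSA public key.' }
'{0}  NotAfter={1:yyyy-MM-dd}  KeySize={2}' -f $cert.Subject, $cert.NotAfter, $rsa.KeySize
if ($rsa.KeySize -lt 4096) {
    Write-Warning 'CA certificate key is still shorter than 4096 bits; check that the renewal used a new key pair.'
}
```

Renewing with a new key pair produces a new root certificate, so any system that trusts the old root through a manual import needs the new certificate as well; certificates already issued under the old key continue to chain to the old root certificate.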