0

I recently setup Windows 2003 Certificate Services and installed a five year certificate. I'm now working with a vendor that requires our public CA key so that they can trust all certificates generated by us, but they will not accept it since the maximum length of certificates they'll accept are 3 years. Is there any way to shorten the length of the CA key?

maweeras
  • 2,734
  • 2
  • 17
  • 23
Brett G
  • 2,033
  • 2
  • 28
  • 45

1 Answers1

2

Yes, but you'll have to reissue your CA certificate and deal with all the knock-on effects of that. Short of invalidating it, there is no way to reduce the validity period of a certificate, it's encoded at create time.

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
  • 1
    Yes, X509 doesn't have a mechanism of changing issued certificates. You can only invalidate published certificate. – Hubert Kario Oct 18 '10 at 21:04