Score:0

Create a Root CA self-signed certificate using the command line

ca flag

I have Microsoft Server 2019 offline Root CA

I want to renew the Root CA certificate, but I do not want it to be used immediately (as I want to push out the new Root CA certificate to key stores on clients ahead of using it to sign Issuing CA certificate/s).

if I renew on the Microsoft Certification Authority GUI tool (the standard one that is installed when you install the CA) the certificate immediately shows up in the configuration under the Properties section and is used to sign any new certificates.

The question is can I create from the command line (rather than the GUI) using guilt in command and tools like

https://docs.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2022-ps

Whereby it is not active right away until I import it later?

Maarten Bodewes avatar
in flag
Hi AUser, we're more about cryptographic algorithms and protocols rather than Microsoft implementation of a CA system. Would you mind if I migrate this to [su]?
AUser avatar
ca flag
Hi Maarten Thanks for the input, what every you think will help me if fine
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.