Score:0

Creating a new root certificate with new key length on Windows AD Certificate Services


Due to new corporate guidelines I need to update the root certificate of my CA so the key length is 4096 bits (currently 2048 bits).

My CA is AD integrated and currently running on our DC.

So now I am stuck at the point where I cannot find any information on whether a simple "reenrollment" of the template of this CA is possible.

I have already had a look at this Microsoft learning page, but it looks like there is not really an explanation for what I need to do.

Do I need to recreate the CA?

The key length for issued certificates is normally specified in the configuration file when creating a request. The key length of the root CA is normally specified when setting up the CA. Sounds like you need to "renew"/re-create your root CA certificate with a 4096-bit key length.
Bad Santa avatar
Hey, thanks for the feedback! It seems that not much information is available about my specific case. Yesterday I spent some time and took snapshots of my AD controllers, where I tested the scenario "recreate the CA", and it worked pretty well.
Bad Santa avatar
So now I am going to schedule a maintenance window for the upcoming week where the operation will be executed on the open heart ;D
Score:0

In case someone ever faces the same problem I faced, here is the solution without reinstalling the role.

Especially this article helped me: https://www.scriptinghouse.com/2022/09/how-to-renew-root-certificate-of-microsoft-ca-with-a-longer-validity-period.html

I just created a new capolicy.inf with the increased key length and afterwards prolonged the certificate of my CA.

Kind Regards Bad Santa
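
The renewal described in the answer above, sketched as an added example (not code from the post or from the linked article). It assumes an elevated PowerShell session on the root CA server; the backup folder and the renewal validity values are assumptions to adapt to your own policy.

```powershell
#Requires -RunAsAdministrator
# Added example: renew a root CA certificate with a new 4096-bit key pair.
# The backup path and validity values below are assumptions, not from the post.

$policyPath = Join-Path $env:SystemRoot 'CAPolicy.inf'
$backupDir  = "C:\CABackup\$(Get-Date -Format yyyyMMdd-HHmmss)"   # assumed location

# 1. Back up the CA database and current private key before changing anything.
$pw = Read-Host -AsSecureString 'Password protecting the CA key backup'
Backup-CARoleService -Path $backupDir -Password $pw

# 2. Keep a copy of any existing CAPolicy.inf, then write the renewal settings.
if (Test-Path $policyPath) { Copy-Item $policyPath "$policyPath.bak" -Force }
@'
[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
'@ | Set-Content -Path $policyPath -Encoding Ascii

# 3. Renew the CA certificate. Omitting "ReuseKeys" makes certutil generate
#    a new key pair, which is what lets RenewalKeyLength take effect.
certutil.exe -renewCert
if ($LASTEXITCODE -ne 0) { throw "certutil -renewCert failed with exit code $LASTEXITCODE" }
Restart-Service -Name certsvc

# 4. Verify: the newest self-signed CA certificate in the machine store
#    must carry a 4096-bit RSA public key.
$bcType = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
$newest = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -eq $_.Issuer -and
        ($_.Extensions | Where-Object { $_ -is $bcType -and $_.CertificateAuthority })
    } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $newest) { throw 'No self-signed CA certificate found in LocalMachine\My' }

$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($newest)
$bits = $rsa.KeySize
if ($bits -ne 4096) {
    throw "Newest CA certificate ($($newest.Thumbprint)) has a $bits-bit key, expected 4096"
}
"Renewed CA certificate $($newest.Thumbprint): $bits-bit key, valid until $($newest.NotAfter)"
```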
