shocko
Steel Contributor
Apr 04, 2022

Windows PKI - Renew/Replace SubCA cert

I have a lab offline RootCA and online Enterprise issuing/Sub CA, both running Windows 2016 Core. My Sub CA cert expired months ago but I cannot figure out the process to renew or replace it from the CLI in Windows Core. Can anyone offer guidance?

3 Replies

  • Alban1999
    Iron Contributor
    Hello,
    PowerShell is your friend: you can rely on the PKI (built-in), AD CS Administration and AD CS Deployment modules (the latter two are available after installing the AD CS role on a Windows Server).
    You can also use the good old certutil.exe utility (built-in).

    You may also install a management with GUI and corresponding PKI tools (MMC, Server Manager...). From it you can manage Core servers easily.

    Microsoft PKI documentation relies on batch scripts, so you'll need to rework them a little to adapt them to PowerShell.

    Good luck!
    • shocko
      Steel Contributor
      Can you point me at a process to do this?
    • shocko
      Steel Contributor
      OK so how to renew the expired SubCA?