Windows PKI - Renew/Replace SubCA cert


I have a lab offline RootCA and an online Enterprise issuing/Sub CA, both running Windows 2016 core. My Sub CA cert expired months ago, but I cannot figure out the process to renew or replace it from the CLI in Windows core. Can anyone offer guidance?

3 Replies
Hello,
PowerShell is your friend: you can rely on the PKI (built-in), AD CS Administration and AD CS Deployment modules (the latter two are available after installing the AD CS role on a Windows Server).
You can also use the good old certutil.exe utility (built-in).

You may also install a management machine with a GUI and the corresponding PKI tools (MMC, Server Manager...). From it you can manage Core servers easily.

Microsoft PKI documentation relies on batch scripts, so you'll need to rework them a little to adapt them to PowerShell.

Good luck!
OK so how to renew the expired SubCA?
Can you point me at a process to do this?