Why is my issuing CA Cert valid as long as my Root CA Cert?

Hi,
In my 2-Tier lab, my Root CA Cert was given a validity period of 10 days during install.  Installed the Root CA Cert into AD and local root store on my Issuing CA.  I installed the CA Role on the Issuing CA, then ran the following:
certutil -setreg CA\ValidityPeriodUnits 5
certutil -setreg CA\ValidityPeriod 'Days'
When I look at my Issuing CA Cert, its valid for 10 days, which is the length of my Root CA cert.  Why is this?  Should the Issuing CA Cert be only valid for 5 days?
Thanks for your help! SdeDot

SdeDot, You are correct.
1) On the root CA, set ValidityPeriod =Days and ValidityPeriodUnits
= 5
2) Restart certsvc on the root CA
3) Submit the issuing CA requests, approve, and issue
Voila, a five day cert
Brian

Similar Messages

  • Why does a specific website say validating and doesn't open the site for me?

    why does a specific website say validating and doesnt open the site?

    My Safari also has a hiccup. My ISP (comcast) helped me by suggesting I try the same task using a different browser (firefox). I had both installed, and firefox completed the task smoothly with no issues. I was told the problem was on my end and my safari browser was most likely flawed. I cannot find the procedure to uninstall & reinstall the Safari app. My iMac came with 2 discs (os & bundled apps) But the ability to choose Safari only, for this task remains illusive. Any suggestions or fixes to repair a glitch infected Safari will be appreciated. 

  • I am running on OSX 10.10.1 and have a 2009 imac intel and I am having severe latency issues.  I am not familiar with macs as this is my home computer used by other family members.  Any help on how to troubleshoot why such latency issues?

    I am running on OSX 10.10.1 and have a 2009 imac intel and I am having severe latency issues.  I am not familiar with macs as this is my home computer used by other family members.  Any help on how to troubleshoot why such latency issues?

    When you see a beachball cursor or the slowness is especially bad, note the exact time: hour, minute, second.  
    These instructions must be carried out as an administrator. If you have only one user account, you are the administrator.
    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad and start typing the name.
    The title of the Console window should be All Messages. If it isn't, select
              SYSTEM LOG QUERIES ▹ All Messages
    from the log list on the left. If you don't see that list, select
              View ▹ Show Log List
    from the menu bar at the top of the screen.
    Each message in the log begins with the date and time when it was entered. Scroll back to the time you noted above.
    Select the messages entered from then until the end of the episode, or until they start to repeat, whichever comes first.
    Copy the messages to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
    The log contains a vast amount of information, almost all of it useless for solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
    Please don't indiscriminately dump thousands of lines from the log into this discussion.
    Please don't post screenshots of log messages—post the text.
    Some private information, such as your name, may appear in the log. Anonymize before posting.

  • How to setup a template to issue SHA1 certs if I have a SHA256 chain

    Hi All
    Can any one tell me how to setup a template to issue SHA1 certs if I have a SHA256 chain. I looked at the templates and I didn’t see where it is specified?
    Puneet Singh

    Certificate signature algorithm is CA-wide settings and independent from certificate templates. You have to configure your CA to use SHA1 signature:
    certutil -setreg ca\csp\cnghashalgorithm sha1
    net stop certsvc && net start certsvc
    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell File Checksum Integrity Verifier tool.

  • Issue with simple validation rule

    Hi All,
    Environment: HP app which is EPMA deployed
    Version: 11.1.2.1
    I have a strange issue writing a validation rule through calc mgr.
    scenario: We are performing allocations over entity dimension based on %ages entered on a specific account member say 'Input%age' on total to be allocated value. For example: consider a parent entity P with 4 children as mentioned below.
    P         (parent) (Type: Dynamic)
    --A         (child) (Type: Store)
    --B         (child) (Type: Store)
    --C         (child) (Type: Store)
    --D         (child) (Type: Store)
    Need: The allocation should happen only when the sum of  %ages on each of the child roll up to 1 for their respective parent. Else allocation should not happen and message should be displayed to users.
    The current snippet:
    FIX(@Relative("P'',0))
    "AllocValue"
    IF('P"->'Input%age' == 1)
         'Allocvalue" = 'Input%age' * "TotalEntityValue";
    ENDIF
    ENFIX
    Issue:
    1. The script never works correctly even if the sum of %ages for all child is 1. I have tried making '1.0', '1.00' ,'100','100.00' etc but it didn't work. (Note: If user enters 0.2 as %age, the web-form shows it as 20%)
    2. In case the sum of %ages is not equal to 1, allocation happens only for last child D.
    3. If %age condition is removed, allocation happens as expected.
    Any input or suggestion is highly appreciated.
    Thanks in advance..

    Perform the following check:
    1. during the time of calculation the "Input%age" is one (i mean aggregated).
    2. Is  your condition is valid. I mean if you have missed "BegBalance" or any valid combination.
         Best way is to try excel retrieve and match the combination with the if condition

  • Why is my license code CS6 Design not longer valid?

    Purchase date 17-12-2013
    Why is my license code CS6 Design not longer valid?

    Do you have an Education version which you purchased through a University, not a separate purchase of your own?
    Education CS6 serial number expire after 2 years https://forums.adobe.com/thread/1564342
    -and https://forums.adobe.com/thread/1570498
    Anyway, Since this is an open forum, not Adobe support... you need to contact Adobe staff to help
    Adobe contact information - http://helpx.adobe.com/contact.html
    -Select your product and what you need help with
    -Click on the blue box "Still need help? Contact us"

  • Why does it say sim not valid?

    why does it say sim not valid?

    Because you're trying to use a sim card from a carrier other than the carrier your phone is locked to. That's why. To use different sims, from different carriers, you need to get your phone officially unlocked.
    If you got this message & are using the correct sim, that's a different problem. If so, post back.

  • HT5035 If I have an positive account balance and credits on my account, why do I have to enter valid credit card information?

    If I have a positive account balance and credits on my account, why do I have to enter valid credit card information?

    Yes the balance is from a gift card

  • Why do the mac updates take a ridiculously long time

    why do the mac updates take a ridiculously long time? 10 hours? this is ridiculous - my ISP is 40mbps

    Which updates were you trying to get? If you are going to a very busy web site or server, the connections could be extremely slow. But to wait so long invites troubles.
    If the machine is terribly slow, that should be an indication some maintenance or repair may be needed first. Some keyboard shortcuts can be used to check and attempt repair, and the problem likely is in the Mac.
    Everything from the amount of RAM installed, to the total capacity of the HDD (or SSD) vs free or unused space on the drive, is important to the function of the OS X. Or there may be an issue, if the OS X checks out OK, in the internet connection. If you use wireless mostly, check the connections by wire instead.
    Try to not get into a position where you end up using 'force quit' if the computer appears to freeze up. In the process of an update or upgrade, that's almost never a positive outcome.
    Good luck & happy computing!

  • Why does Apple iPad Camera Connection Kit no longer work with iOS8

    Why does Apple iPad Camera Connection Kit no longer work with iOS8?

    The kit is firmly inserted in thhe iPad's dock ? You could also try a reset and see if it's recognised after the iPad has restarted : press and hold both the sleep and home buttons for about 10 to 15 seconds (ignore the red slider), after which the Apple logo should appear - you won't lose any content, it's the iPad equivalent of a reboot.
    I haven't had problems using the kit with SD cards from Canon cameras . What capacity is the card, and it's an SD or SDHC card - if it's an SDXC card that's formatted as ExFAT then it won't be recognised

  • Why does Pages 08 3.03 take so long to open in OS X 10.93

    Why does Pages 08 3.03 take so long to open in OS X 10.93

    Possibly you may have a lot of fonts open.
    Pteer

  • In Yosemite Mail, there is an issue where the signatures no longer toggle as in the past. If you change the existing signature, it just adds the new one vs replacing it within the body of the message. Thoughts?

    In Yosemite Mail, there is an issue where the signatures no longer toggle as in the past. If you change the existing signature, it just adds the new one vs replacing it within the body of the message. Thoughts?

    Hi howe.sc,
    When I checked for how signatures in Yosemite work, I found this.
    Mail (Yosemite): Include signatures in messages
    Delete a signature from a message: Select the signature, then press the Delete key.
    Replace a signature in a message: Delete the existing signature, then add a different signature.
    That sounds similar to what you are describing.
    Take care,
    Nubz

  • Hello - can anyone tell me why my iPad (4th Gen) screen will no longer rotate. I don't have a screen lock symbol next to the battery icon. I have the rotate icon on my desktop but still can't get the screen to rotate.

    Hello - can anyone tell me why my iPad (4th Gen) screen will no longer rotate. I don't have a screen lock symbol next to the battery icon. I have the rotate icon on my desktop but still can't get the screen to rotate.

    Double-click the Home button and swipe Task Bar to the right. Check the Rotation Lock on the far left of Task Bar.
    http://i1224.photobucket.com/albums/ee374/Diavonex/ba23c598623fe4fd062a40e349af2 18d.jpg

  • Why does my iMac (with Mountain Lion) no longer recognize my external hard drive I have used as a back up via Time Machine after the hard drive was accidentally unplugged?

    Why does my iMac (with Mountain Lion) no longer recognize my external hard drive I have used as a back up via Time Machine after the hard drive was accidentally unplugged?

    Do you mean the external hard drive is not mounted on the iMac desktop?
    Check if Disk Utility sees the drive. Applications / Utilities / Disk Utility. If the external shows up in the left column, select it and click on Mount.
    If it does show up this way, I recommend using DU to Repair Disk.

  • Why do movies rented from iTunes take soooo long to download to my Mac?

    Why do movies rented from iTunes take sooo long to download to my Mac?

    I am noticing the same thing. It appears to be since the recent update, but I have never had a delay before.

Maybe you are looking for