The System Center Operations Manager Support Team Blog

This is the OpsMgr 2007 blog for the Microsoft support team. If you were looking for the SCOM 2007 or MOM 2005 blog then you are in the right place.

How to Extend the Certificate Expiration period in Operations Manager 2007

By default, when we request a certificate in System Center Operations Manager 2007, the validity period is 1 year. When the certificate is about to expire, you will receive a warning message on the RMS stating that the certificate on the RMS server is due to expire. To avoid this and to extend the certificate expiration date, you can perform the following steps:

1)    Create a new text file named CApolicy.inf and copy the lines below into it.  Once you save the file, copy it to the C:\Windows directory of the CA.

[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=15
[CRLDistributionPoint]
[AuthorityInformationAccess]

2)    The file above contains a field called ‘RenewalValidityPeriodUnits’. This is used for the validity period. In this example, we are using a validity of 15 years. You can choose a value according to your needs.

3)    Set the following registry value to 15 (matching the value used above):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\ValidityPeriodUnits

4)    Go to the Certificate Authority and highlight the server name.

5)    Right click and go to All Tasks.

6)    At the bottom is the option to renew the CA certificate. This will ask you to stop the Certificate Services. Select Yes.

7)    This brings up a dialog box with the option to generate a new public and private key. Select Yes. It will now start the Certificate Services and your CA certificate will be renewed.

8)    Go to Start, Run and type in MMC. Go to the console and highlight Add/Remove Snap-in.

9)    Click on the Add button, then choose the Certificates snap-in. Add the snap-in for the Computer Account, click Next, select the local computer and click Finish.

10)    You should now have the console open for the certificates for the local computer.  Expand the Personal certificates store, which will show you the extended expiration date of the certificate.  Now whenever you request a new certificate it will be valid for the period you specified above.
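The checks in steps 1 to 3 and step 10 can also be done from a script. The following is an added example, not part of the original post: it only reads settings and assumes an elevated PowerShell session on the CA server, and that the `Active` value under the CertSvc Configuration key holds the name used for `<CAName>`.

```powershell
# Added example: read-only check of the values set in steps 1-3 and viewed in step 10.
# Assumes an elevated PowerShell session on the CA server.
$infPath = Join-Path $env:SystemRoot 'CAPolicy.inf'   # file location from step 1

# Parse the [Certsrv_Server] section of CAPolicy.inf into a hashtable.
$inf = @{}
$section = ''
foreach ($line in Get-Content -Path $infPath) {
    $line = $line.Trim()
    if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
    if ($section -eq 'Certsrv_Server' -and $line -match '^([^=;]+)=(.*)$') {
        $inf[$Matches[1].Trim()] = $Matches[2].Trim().Trim('"')
    }
}

# Resolve <CAName> from the 'Active' value, then read the registry settings from step 3.
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -LiteralPath $cfgKey).Active
$reg    = Get-ItemProperty -LiteralPath (Join-Path $cfgKey $caName)

# Show both settings side by side; UnitsMatch is the "matching the value used above" check.
New-Object psobject -Property @{
    CAName           = $caName
    InfRenewalPeriod = '{0} {1}' -f $inf['RenewalValidityPeriodUnits'], $inf['RenewalValidityPeriod']
    RegistryPeriod   = '{0} {1}' -f $reg.ValidityPeriodUnits, $reg.ValidityPeriod
    UnitsMatch       = ([string]$inf['RenewalValidityPeriodUnits'] -eq [string]$reg.ValidityPeriodUnits)
} | Format-List

# Step 10 equivalent: expiry of each certificate in the local computer's Personal store.
Get-ChildItem -Path Cert:\LocalMachine\My | Sort-Object NotAfter |
    Select-Object Subject, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } }
```

Run it before and after the renewal in steps 4 to 7 to confirm that the new values are in place and that newly requested certificates show the longer NotAfter date.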

For more information, see Installing and configuring a certification authority.

Vikram Sahay

Comments
  • Hi,

    There are a few questions I would like to ask,

    Do we perform step 1 on the CA?

    Also I am unable to find the exact path of the CA installation. Can you give me a sample path that is applicable in your case.

    Thanks,

    Dhanraj
