CA is issuing Certificates only for three years

Below is an issue one of my clients faced last week: they were not able to issue certificates with more than 5 years validity, even though the certificate template is set to 5 years.


The template above shows a certificate validity period of 5 years, but when a certificate is issued, it is valid for only 3 years.



Run the certutil command below to see the validity limit configured on the CA:

certutil -getreg ca\validityperiodunits


There is the problem: the CA allows only three years at the registry level. Hence, run the command below to set it to 5 years. Before running the command, ensure that a backup of both the CA and the registry has been taken successfully.

certutil -setreg ca\ValidityPeriodUnits 5


Restart the CA service by running the commands below:

net stop certsvc

net start certsvc


Certificates will now be issued with a validity of 5 years.
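
The same check, backup, change and restart as one PowerShell script, added here as an example and not part of the original post. It also confirms that the ValidityPeriod unit is Years before touching ValidityPeriodUnits. The `$DesiredYears` and `$BackupFile` values are assumptions to adjust; run it in an elevated session on the CA server.

```powershell
# Added example (not from the original post). Run elevated on the CA server.
# Assumption: $DesiredYears and $BackupFile are illustrative values.
$DesiredYears = 5
$BackupFile   = "$env:TEMP\certsvc-configuration-backup.reg"

# CA settings live under this key; the 'Active' value names the CA's subkey.
$ConfigRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$CaName     = (Get-ItemProperty -Path $ConfigRoot -Name Active).Active
$CaKey      = Join-Path $ConfigRoot $CaName

function Get-CaValidity {
    # Returns the unit (Years, Months, Weeks, Days ...) and the count set on the CA.
    $p = Get-ItemProperty -Path $CaKey -Name ValidityPeriod, ValidityPeriodUnits
    [pscustomobject]@{ Period = $p.ValidityPeriod; Units = [int]$p.ValidityPeriodUnits }
}

$before = Get-CaValidity
"CA '$CaName' currently limits issued certificates to $($before.Units) $($before.Period)"

# ValidityPeriodUnits only means 'years' when ValidityPeriod is Years; stop otherwise.
if ($before.Period -ne 'Years') {
    throw "ValidityPeriod is '$($before.Period)', not 'Years'. Review it before changing the units."
}

if ($before.Units -ge $DesiredYears) {
    "Registry limit already allows $DesiredYears years; no change made."
    return
}

# Export the CertSvc configuration key first (registry backup only, not a CA backup).
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no change made.' }

certutil.exe -setreg CA\ValidityPeriodUnits $DesiredYears | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'certutil -setreg failed.' }

# Same effect as net stop certsvc / net start certsvc.
Restart-Service -Name CertSvc

$after = Get-CaValidity
"CA '$CaName' now limits issued certificates to $($after.Units) $($after.Period)"
```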

