Comments and Help with psira online
Video instructions and help with filling out and completing psira
Instructions and Help about psira booking online form
Hello my name is Christopher delay I'm a premier field engineer for Microsoft today's video is going to cover renewing issuing or subordinate CA certificate in a previous video I posted I went ahead and covered the steps involved in updating and renewing the root CA certificate in a two-tier PKI hierarchy today I'm just going to go through and finish that whole process by going through and showing how to renew the CA certificate for a subordinate CA as I mentioned that previous video um the reason for coming up with these videos is originally I've been working on a few articles on operating a Windows PKI and the current ones I've been working on are about certificate CA certificate life cycles and knowing how and when to renew those as well as the current blog I'm talking to working on that talks about how to you know change some different settings when you renew those CA certificates like key length and key size and things like that so so these videos are going to be attached to the second blog that we posted soon and they're also going to be available on youtube so that this will began the purpose of this video just to cover the steps that are necessary to renew a subordinate CA certificate again in my environment here we have a two-tier PKA hierarchy so I have a root CA and I have a subordinate issuing CA so we're going to go through what those steps would look like in a two-tier environment so here's my subordinate issuing CA so I'm going to want to renew the CA certificate on the CA so the first thing I'm going to go ahead and bring up is the certification authority console okay if we go ahead and take a look here first thing we want to see is you know kind of what is the state of this machine has a CA certificate been renewed or not kind of where we're at right now so let's do that I'm just opening up the properties for the CA and we see that there's just a certificate number zero which means this CA certificate has not been not ever been renewed next thing we're going to go ahead and look at is the actual CA certificate properties and look at the CA version and it's 0.0 again showing that the CA certificate has not been renewed some additional things to go ahead and think about when you do this renewal so it's a little bit different than the root CA when you renew this if you renew the CA certificate with a with a either see more new key pair you're going to get a new certificate so you're going to want to have that posted to your AIA locations depend on how your environment is configured that may kind of happen automatically for you that may be a manual process so if you have web servers hosting the AIA location so if I go here and take a look at my ia location here we'll see that I have a website and I have a Active Directory that's hosted by a a ia location for me the web site happens to be on the CA itself in a certain role directory so for me there's not going to be any kind of manual placing the resulting CA certificate in that...
