Article ID: 927169 - Last Review: February 21, 2009 - Revision: 2.0 Custom extensions in the CAPolicy.inf file do not take effect after you renew the root CA certificate by using a new keySYMPTOMSConsider the following scenario. On a computer that is running Windows
Server 2003 R2, Windows Server 2003 with Service Pack 1 (SP1), or Windows Server 2003 with Service Pack 2 (SP2) you create a certification
authority (CA). You then add custom extensions in the CAPolicy.inf file. Then, you renew the root CA certificate by using a new key. In this scenario, the custom extensions do not take effect. For example, you use the CAPolicy.inf file to suppress the CRL distribution point extension. Then, you renew the CA certificate by using a new key. In this example, the root certificate still has the CDP extension. RESOLUTIONTo resolve this problem, renew the CA certificate again. This time, use the same key for the new root CA certificate. To
do this, run the following commands at the command prompt: Certutil -renewCert ReuseKeys Net stop CertSvc Net start CertSvc STATUSMicrosoft
has confirmed that this is a problem in the Microsoft products that are listed
in the "Applies to" section. APPLIES TO
| Article Translations
|
| United States | Change | | | All Microsoft Sites |
Help and Support
Back to the top
|
