Help and Support
 

powered byLive Search

Custom extensions in the CAPolicy.inf file do not take effect after you renew the root CA certificate by using a new key

View products that this article applies to.
Article ID:927169
Last Review:November 10, 2006
Revision:1.3

SYMPTOMS

Consider the following scenario. On a computer that is running Microsoft Windows Server 2003 R2 or Microsoft Windows Server 2003 with Service Pack 1 (SP1), you create a certification authority (CA). You then add custom extensions in the CAPolicy.inf file. Then, you renew the root CA certificate by using a new key. In this scenario, the custom extensions do not take effect.

For example, you use the CAPolicy.inf file to suppress the CRL distribution point extension. Then, you renew the CA certificate by using a new key. In this example, the root certificate still has the CDP extension.

Back to the top

RESOLUTION

To resolve this problem, renew the CA certificate again. This time, use the same key for the new root CA certificate. To do this, run the following commands at the command prompt:
Certutil -renewCert ReuseKeys
Net stop CertSvc
Net start CertSvc

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

APPLIES TO
Microsoft Windows Server 2003 Service Pack 1, when used with:
  Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
Windows Server 2008 Datacenter without Hyper-V
Windows Server 2008 Enterprise without Hyper-V
Windows Server 2008 for Itanium-Based Systems
Windows Server 2008 Standard without Hyper-V
Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008

Back to the top

Keywords: 
kbexpertiseinter kbtshoot kbprb KB927169

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.