Certificates are created with a specific end time and date when they are issued. When they expire any services which rely on them in order to function will also fail.
Items which can help you understand what the certificate is being used for are:
- What Key Usage or Enhanced Key Usage items are defined for this certificate. These fields indicate specific allowed uses for a certificate and are usually a strong indication of what a certificate is being used for.
- What store the certificate is in.
- The issuer of the certificate.
- A subject name or subject alternative name. For example, web sites using certificates for SSL require the subject name to match the site name.
- If issued by an Enterprise Certificate Authority the template used for the certificate issuance will have information in it. Template name can often indicate intended use of the certificate.
- Certificates which were not issued by a certificate authority are called self signed certificates. If the certificate is self signed the field will indicate 'true'.
- Certificate authority certificates are indicated as being so, as are subordinate certificate authority certificates.
- The thumprint and serial number of certificates (items which are always unique for any individual certificate) are shown in order to indicate unique information about that certificate in case the certificate must be searched for in MMC or other method.
Once the type and use of the certificate is determined you will need to replace the certificate, and then configure the application(s) or service(s) which use the certificate to use the new certificate. The application or service configuration will be unique and you will likely need to consult documentation (KB, TechNet or MSDN) documentation or collaborate with another engineer who specializes in that technology to do that final step.
If a field is blank in the result output for a certificate then that certificate did not have that field defined in it. Not all fields are required to be defined in a certificate. That is governed by the initial certificate request and any certificate template which was used.
|Has Private Key||:||False|
|Issuer||:||CN=contoso-WIN-49H89RJ0MQQ-CA, DC=contoso, DC=com|
|Not Before||:||04/20/2012 12:43:25|
|Not After||:||04/27/2012 12:53:23|
|Subject Name||:||CN=contoso-WIN-49H89RJ0MQQ-CA, DC=contoso, DC=com|
|Root CA certificate||:||True|
|Non-Root CA certificate||:||False|
|Subject Alternative Name||:|
|Key Usage||:||Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)|
|Enhanced Key Usage||:|
|Certificate Template Information||:|
Article ID: 2705501 - Last Review: 24 Oct 2012 - Revision: 1