We want to change the validity period on our CA. We have a root CA that stays turned off. We have a subordinate CA that issues all the certificates. We want to issue longer certificates. So, after reading about this, we would need to change the subordinate CA's default setting using the following commands.
certutil -getreg ca\ValidityPeriod
(This returns the current value of 2)
certutil -getreg ca\ValidityPeriodUnits
(This returns the current value of Years)
certutil -setreg ca\validityperiodunits 5
(This changes the default setting to 5, or something else; restart Certificate Services for it to take effect.)
Does the above change affect anything? Like any already issued certificates?
If the above does not affect already issued certificates, we then need to change some certificate's template validity period.
For example, before the above change, we created a custom template with a validity date of 2 years and issued some certificates (those had a 2-year expiration).
If we change this template from 2 to 5 for validity period, does this cause already issued certificates from this template to stop working, or do they continue to work and any newly issued certificate would get the new validity period?
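
Added example, not part of the original post: a PowerShell version of the procedure above that records the CA limit before and after the change and reports which limit bounds newly issued certificates (the shortest of the template validity, the CA's ValidityPeriod/ValidityPeriodUnits registry limit, and the expiry of the CA's own certificate). The variable names, the temp file name and the 5-year template value are assumptions for illustration.

```powershell
# Added example. Run elevated on the subordinate (issuing) CA.
$ErrorActionPreference = 'Stop'
$templateYears = 5   # assumption: validity planned for the custom template
$newCaUnits    = 5   # value passed to certutil -setreg in the post

# The 'Active' value names the subkey that certutil's "ca\" prefix refers to.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -LiteralPath $cfgRoot -Name Active).Active
$caKey   = Join-Path $cfgRoot $caName

function Get-CaLimit {
    $p = Get-ItemProperty -LiteralPath $caKey
    [pscustomobject]@{ Period = $p.ValidityPeriod; Units = [int]$p.ValidityPeriodUnits }
}

function Add-Period([datetime]$From, [string]$Period, [int]$Units) {
    switch ($Period) {
        'Years'  { $From.AddYears($Units) }
        'Months' { $From.AddMonths($Units) }
        'Weeks'  { $From.AddDays(7 * $Units) }
        'Days'   { $From.AddDays($Units) }
        default  { throw "Unhandled ValidityPeriod '$Period'" }
    }
}

# Export the CA's own certificate to read its expiry date.
$caCertFile = Join-Path $env:TEMP 'issuing-ca.cer'   # hypothetical file name
certutil -f -ca.cert $caCertFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'certutil -ca.cert failed' }
$caCertEnd = ([System.Security.Cryptography.X509Certificates.X509Certificate2]::new($caCertFile)).NotAfter

$before = Get-CaLimit
certutil -setreg ca\ValidityPeriodUnits $newCaUnits | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'certutil -setreg failed' }
Restart-Service -Name certsvc      # the new limit applies after the service restarts
$after = Get-CaLimit

# A new certificate expires at the earliest of these three dates.
$now = Get-Date
$limits = [ordered]@{
    Template   = $now.AddYears($templateYears)
    CaRegistry = Add-Period $now $after.Period $after.Units
    CaCertEnd  = $caCertEnd
}
$binding = $limits.GetEnumerator() | Sort-Object Value | Select-Object -First 1

"CA limit before: $($before.Units) $($before.Period); after: $($after.Units) $($after.Period)"
"New certificates expire no later than $($binding.Value) (bound by $($binding.Key))"
```

Certificates that were already issued keep the expiry date signed into them; the script only reports the limits that apply to certificates issued after the change.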