Hy,
I want to build a Subordinate CA but using a different validity period. As you know the default it's 5 years (SubCA template), and I want to make it 10 years.
So before I installed the Subordinate Certification Authority on the second server I created a capolicy.inf file and put put this in:
[Version]
Signature="$Windows NT$"
[RequestAttributes]
CertificateTemplate = MySubCA
On the Root CA I duplicated the defaut certificate and name this MySubCA with a period of 10 years, then publish this certificate on the certificate templates. Now I install my Subordinate CA and save the request file, went to Root CA and issue the certificate, but the new certificate period it's two years. I oppened the certificate an looked at details and the certificate template that issue this one it's ok is the one I created earlier. I can't make this work until a issue the command on the Root CA:
certutil -setreg CA\ValidityPeriodUnits 10
But now all my certificate will have 10 years validity. So my question as you can asume is:
How can I make this work using capolicy.inf file and the new template, without modifying the registry
Thanks