By accident I have changed policy extention name, certutil -oid [number] [policy name]...I can't back to old name, please any advice?
No I see at View Obkect Identifiers:
Policy name Object Identifier Policy Type
"bad name" "number" Application
I did a test and renewal for expired certificate works as expected: a new request is sent to CA. Expired certificate isn't used in renewal process.
Fixed typo in text.
Hi Vadims,
thanks for your article, very useful for us as well!
Just to correct a small typo: at the end of the "Renewal with new key pair" section there is a typo in the text which says "Run the following command on CA server to renew CA certificate and reuse existing key pair:", should state "with new key pair".
+1 here for always renewing Root CA with new key pair. We ran into an issue where Linux/NetApp NAS clients failed to validate server certificate (LDAP server in our case) issued by by Root CA with renewed certificate using an existing key pair, where both the "old/previous" Root CA and "new/renewed" Root CA certificate were present in the root CA trust store on the Linux/NetApp side and the "old" Root CA expired - the Linux/NetApp validated a valid server certificate (issued from the new/renewed Root CA) against the expired "old" Root CA, thus failing the validation due to "expired root CA cert" reason and effectively disrupting connection to LDAP server. Fixed by removing the "old" Root CA from the Linux/NetApp clients.
Try to delete it:
consult with help:
certutil -oid -?