Vadims Podāns 14.01.2020 14:10 (GMT+2) Certificate Policies extension – all you should know (part 2)

Try to delete it:

certutil -oid <OidDisplayName> delete

Consult the help: certutil -oid -?

Rafal 14.01.2020 13:45 (GMT+2) Certificate Policies extension – all you should know (part 2)

By accident I have changed a policy extension name with certutil -oid [number] [policy name]... I can't get back to the old name, any advice, please?

Now I see under View Object Identifiers:

Policy name    Object Identifier    Policy Type
"bad name"     "number"             Application

Vadims Podāns 10.01.2020 09:52 (GMT+2) Certificate Autoenrollment in Windows Server 2016 (part 2)

I did a test and renewal for expired certificate works as expected: a new request is sent to CA. Expired certificate isn't used in renewal process.

Vadims Podāns 09.01.2020 11:13 (GMT+2) Root CA certificate renewal

Fixed typo in text.

Jiri Benes 09.01.2020 10:53 (GMT+2) Root CA certificate renewal

Hi Vadims,

Thanks for your article, very useful for us as well!

Just to correct a small typo: at the end of the "Renewal with new key pair" section, the text says "Run the following command on CA server to renew CA certificate and reuse existing key pair:"; it should state "with new key pair".

+1 here for always renewing the Root CA with a new key pair. We ran into an issue where Linux/NetApp NAS clients failed to validate a server certificate (an LDAP server in our case) issued by a Root CA whose certificate had been renewed using the existing key pair. Both the "old/previous" and the "new/renewed" Root CA certificates were present in the root CA trust store on the Linux/NetApp side, and once the "old" Root CA expired, the Linux/NetApp client validated a valid server certificate (issued from the new/renewed Root CA) against the expired "old" Root CA, thus failing the validation with an "expired root CA cert" reason and effectively disrupting the connection to the LDAP server. Fixed by removing the "old" Root CA from the Linux/NetApp clients.