CA server question – machine certificate renewal


    Hi everyone –

    I’m hoping you folks can help me find an easy way to renew machine certificates manually.

    I have a scenario in which a few hundred machine certificates all expire on the same date (the date that the CA server cert itself had been due to expire).
    Many of these certs are used to validate a VPN connection from the client laptop,
    so I’m afraid that the usual automatic renewal of the certificate won’t work for that laptop,
    since the VPN won’t authenticate and the laptop will then NOT be able to reach the DC to autorenew its certificate when it expires.

    Therefore, what I want to provide for our Tier 1 support staff is a
    very simple command line or script, perhaps utilizing certutil.exe
    to renew a machine cert when they get a laptop in for service.

    I’ve looked at the options for certutil.exe and looked at the certs that are on a machine, and I can’t figure out a command-line set of switches to pass to certutil.exe to simply renew the local machine certificate and nothing more.

    Can anyone help with a simple set of switches or script to manually force the renewal of the local machine certificate?
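
One way to script the renewal the post asks for, as an added example that is not part of the original post: it uses `certreq.exe` rather than `certutil.exe` to renew each local machine certificate that is still valid but close to expiry. The `$RenewWithinDays` window and `$IssuerLike` filter are assumptions, and the script assumes an elevated prompt on a machine that can reach the CA.

```powershell
# Added example (not from the original post).
# Run from an elevated PowerShell prompt while the laptop is on the internal network.
param(
    [int]$RenewWithinDays = 30,   # assumed renewal window; adjust to local policy
    [string]$IssuerLike   = '*'   # assumed filter, e.g. '*CN=<issuing CA name>*'
)

$now    = Get-Date
$cutoff = $now.AddDays($RenewWithinDays)

# Machine certificates with a private key that are still valid
# but expire inside the renewal window.
$due = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.Issuer -like $IssuerLike -and
    $_.NotAfter -gt $now -and
    $_.NotAfter -le $cutoff
}

if (-not $due) {
    Write-Output "No machine certificates expire within $RenewWithinDays days."
    return
}

foreach ($cert in $due) {
    Write-Output "Renewing $($cert.Subject) (serial $($cert.SerialNumber), expires $($cert.NotAfter))"
    # 'certreq -enroll -machine -cert <CertId> renew' submits a renewal request
    # for the certificate identified by its serial number; -q suppresses prompts.
    & certreq.exe -enroll -machine -q -cert $cert.SerialNumber renew
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "certreq exited with code $LASTEXITCODE for serial $($cert.SerialNumber)"
    }
}

# List the store afterwards so the technician can confirm the new expiry date.
Get-ChildItem Cert:\LocalMachine\My |
    Sort-Object NotAfter |
    Format-Table Subject, SerialNumber, NotAfter -AutoSize
```

Certificates that have already expired are skipped on purpose, since a renewal request is signed with the existing certificate; those machines need a fresh enrollment instead.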

