Certutil renew certificate windows

K I managed to get it to work, after analyzing my cmd results. I indeed was getting the error stated above. Clearly any attempt to force install the new cert or request new ones all failing on me, even after shutting down the AD CS service.

I initially tried these with the services started with the same errors. Nothing special, but I did notice it didn't contain any trailing number, I'd assume this is cause it is the original. Just for heck I decided to delete it to see if it would make a difference. What are the chances So I took my new req file, signed it by my offline root CA.

I hope this info helps others that come across this error. I might alter the question to more directly reflect the problem. Best Regards Cartman Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff microsoft. Mark B. He is also co-founder of Revocent revocent. I also noticed that "certUtil -Shutdown" is literally just "net stop CertSvc". Office Office Exchange Server. Not an IT pro?

Windows Server TechCenter. For consistency and integrity, CA certificates and certificate revocation lists CRL issued by the CA before its renewal will be available after the CA has been renewed. When a CA is installed, the certificate index is zero and the certificate suffix is "" an empty string. Each time the certificate is renewed whether or not keys are reused , the certificate index is incremented by one, and the certificate file name suffix becomes a string of the form " n ", where n represents the number of times the CA certificate has been renewed.

After the first renewal, the certificate index is 1 and the certificate file name suffix is " 1 ". After the second renewal, the certificate index is 2 and the certificate file name suffix is " 2 ", and so on. If it does not, the values of these indexes and suffixes remain the same as they were for the last index. During renewal, an administrator specifies whether a new key pair is generated or the existing key pair is used.

In the Certificate Authority MMC snap-in, an option in the user interface specifies a new or an existing key pair; in the Certutil. The CRL index is directly tied to the key index, which is set to the CA certificate index only when a new key pair is used for the renewal.

After the first renewal which used a new key pair , the index of the CRL and key is set to 1, and the CRL and key container name suffix is " 1 ". By using this website, you consent to the use of cookies for personalized content and advertising. For more information about cookies, please see our Privacy Policy, but you can opt-out if you wish.

Accept Reject Read More. Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website.

These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.