Expiration Of Certificates



Griff
07-09-2005, 11:51 PM
OK, I have been trying to figure out the PKI thing for a while. What concerns me
is the expiration of the user's certificates. After the year is up (we are
running 03 Standard), will that user be able to access data from the previous
year? Do I need to create a new cert for that user and keep the old one on
his system as well? If I can get away with simply backing up the old certs
and keeping them on the user's system for access to archived documents, then
what happens when the CA's cert expires? Any help in getting over this mental
barrier would be great. Thanks

David Cross [MS]
07-09-2005, 11:51 PM
Decryption is always allowed for expired certs; they just won't be able to
perform new encryption without enrollment for a new valid cert.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Top Whitepapers:

Auto-enrollment whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx

Best Practices for implementing Windows Server 2003 PKI:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

Troubleshooting Certificate Status and Revocation whitepaper:
http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx

Windows Server 2003 web enrollment and troubleshooting guide:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
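The point in David's reply above, as an added example that is not part of the original thread or any Microsoft code: the validity period lives in the certificate and is enforced as a policy check before encrypting, while the private key carries no dates and keeps decrypting old data. It uses Python's `cryptography` package with constructed self-signed certificates and assumes renewal issues a new key pair; all function names are hypothetical.

```python
from datetime import datetime, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

UTC = timezone.utc
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def issue_cert(key, not_before, not_after):
    """Constructed self-signed stand-in for a one-year user encryption cert."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-user")])
    return (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(not_before).not_valid_after(not_after)
            .sign(key, hashes.SHA256()))

def is_time_valid(cert, now):
    try:  # cryptography >= 42 exposes timezone-aware properties
        start, end = cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:  # older releases return naive UTC datetimes
        start = cert.not_valid_before.replace(tzinfo=UTC)
        end = cert.not_valid_after.replace(tzinfo=UTC)
    return start <= now <= end

def encrypt_for(cert, plaintext, now):
    """Sender-side policy: refuse a certificate outside its validity period."""
    if not is_time_valid(cert, now):
        raise ValueError("certificate not time-valid; enroll for a new one")
    return cert.public_key().encrypt(plaintext, OAEP)

def decrypt_with(key, ciphertext):
    """The private key has no dates, so there is nothing to check here."""
    return key.decrypt(ciphertext, OAEP)

def scenario():
    old_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    old_cert = issue_cert(old_key, datetime(2004, 7, 9, tzinfo=UTC), datetime(2005, 7, 9, tzinfo=UTC))
    archived = encrypt_for(old_cert, b"archived document", datetime(2005, 1, 1, tzinfo=UTC))
    later = datetime(2006, 1, 1, tzinfo=UTC)  # the old cert has expired by now
    try:
        encrypt_for(old_cert, b"new document", later)
        refused = False
    except ValueError:
        refused = True
    # Renewal (assumed to use a new key pair): new data goes to the new cert
    new_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    new_cert = issue_cert(new_key, datetime(2005, 7, 9, tzinfo=UTC), datetime(2006, 7, 9, tzinfo=UTC))
    fresh = encrypt_for(new_cert, b"new document", later)
    return refused, decrypt_with(old_key, archived), decrypt_with(new_key, fresh)
```

Under the new-key-pair assumption, the archived ciphertext is only readable with the old private key, so that key has to be retained alongside the renewed certificate.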

Griff
07-09-2005, 11:51 PM
David,

Thanks for the response. It was a big help. Let me ask you this... If my
root CA expires in 5 years (should I extend this?) then when I renew that CA
Cert, will it affect the decryption of the old material?


"David Cross [MS]" wrote:

> Decryption is always allowed for expired certs; they just won't be able to
> perform new encryption without enrollment for a new valid cert.

