On the CA server, you will need to extend the limit on the validity period, otherwise it will remain at 2 years regardless of what our template says. To do this, run:<\/p>\n
certutil -setreg ca\\ValidityPeriodUnits 5<\/span><\/strong>
certutil -setreg ca\\ValidityPeriod years<\/span><\/strong><\/p><\/blockquote>\nThe restart the Active Directory Certificate Services<\/strong> service, and the CA is now ready to start issuing longer certs!<\/p>\nWhen requesting certificates from Lync (or others), make sure to specify the template name when prompted. And if using a CSR for your gateway or edge servers, you can force the template attribute which is not included in the CSR, and is required by Windows to issue you a cert. To do that run:<\/p>\n
certreq -attrib “CertificateTemplate:LyncServer”<\/strong><\/p><\/blockquote>\nThen pick the CSR, and then save the resulting signed certificate. BOOM!<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
X.509 certs are annoying. You need to get them issued with the right names, or reissued if you make a mistake or forget a SAN, and they need to be cared for from time to time otherwise they expire and make your world hell. Wouldn’t it be great if you could make them last longer […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false,"jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/267"}],"collection":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=267"}],"version-history":[{"count":4,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/267\/revisions"}],"predecessor-version":[{"id":350,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=\/wp\/v2\/posts\/267\/revisions\/350"}],"wp:attachment":[{"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.escarra.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"2014-07-15](\"http:\/\/blog.escarra.org\/wp-content\/uploads\/2014\/07\/2014-07-15-20_14_43-kratos.escarra.org-Remote-Desktop-Connection.png\")
<\/a><\/p>\n