How to Extend CA Validity Period and Renew FAS Certificates
Article ID: CTX561241
Updated On:
Description
This article is designed to describe how to extend CA Validity Period and renew FAS Certificates
Instructions
Disclaimer: information displayed in screenshots are Citrix test server data.
1. Extend Validity Period in Registry as follow (https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/change-certificates-expiration-date ):
1. Extend Validity Period in Registry as follow (https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/change-certificates-expiration-date ):
-
Locate, and then click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName> -
In the right pane, double-click ValidityPeriod.
-
In the Value data box, type one of the following, and then click OK:
- Days
- Weeks
- Months
- Years
-
In the right pane, double-click ValidityPeriodUnits.
-
In the Value data box, type the numeric value that you want, and then click OK. For example, type 2.
-
Stop, and then restart the Active Directory Certificate Services service.
2. Modify certificate template:
-
Change it on the CA server, right click on the certificate template -> manage:
- Find Citrix_RegistrationAuthority, and change the validity period to the length of time you want (only modify this one certificate):
3. Renew FAS certificates from GUI in lab:
- Click "Reauthorize" button in GUI.
- Select the correct CA.
- Logon the CA server and "Issue" the Pending Request.
- Go back to GUI, click "Update Configure", the "Update FAS Rules" window is shown and click "OK" button.
Environment
Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Was this article helpful?
Yes
No
Powered by
