My Windows CA (certificate authority) main cert is expiring next week, what do I do?

I went ahead and renewed the Certificate Authority itself (right click the CA, all tasks, renew), using the same public/private keys.

Do I need to do anything else to make sure things don't start to fail new week?

Will the certificates set to expire such as domain controller certificates, web server certificates, CA Exchange, etc. auto-renew on that original date or do I need to do something now to make sure everything still works come next week?


If you manually published the cert to any web sites, or into any policies, then you need to re-publish the cert to those locations so the CA cert gets updated on the clients.

Will the certificates set to expire such as domain controller certificates, web server certificates, CA Exchange, etc. auto-renew on that original date or do I need to do something now to make sure everything still works come next week?

They are probably all close to expiring soon, since Windows will not allow you to sign a cert so that it will expire later then the CA cert expires.

If auto-renewal was already setup and working, then any system that got a cert automatically should should start request and get a new cert automatically.

Any certs you manually issued, will probably have to be manually renewed.