The lifetime of a certificate issued by a Windows 2000 Certificate
Authority (CA) is two years by default. After two years, the
certificate expires and is not trusted for use. There may be
situations when you need to override the default expiration date
for certificates issued by an intermediate or an issuing CA.
For certificates issued by Standalone CAs, the validity period
is governed by the registry entry discussed below. This value
applies to all certificates issued by the CA.
For certificates issued by Enterprise CAs, the validity period
is hard - coded into the template used to create the certificate.
Windows 2000 does not support modification of these templates.
The sole exception is a certificate issued to a subordinate CA.
The subordinate CA certificate template does not specify a validity
period. Instead, this value it governed by the registry entry
To modify the validity period settings for a CA, follow these
WARNING : Using Registry Editor incorrectly can cause serious
problems that may
require you to reinstall your operating system. Microsoft cannot
guarantee that problems resulting from the incorrect use of Registry
Editor can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing
Keys and Values" Help topic in Registry Editor (Regedit.exe)
or the "Add and Delete Information in the Registry"
and "Edit Registry Data" Help topics in Regedt32.exe.
Note that you should back up the registry before you edit it.
If you are running Windows NT or Windows 2000, you should also
update your Emergency Repair Disk (ERD).
Start Registry Editor.
Locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSrv\Configuration\
Double - click the ValidityPeriod REG_SZ registry value and
change the validity period to one of the following choices: Days,
Weeks, Months, or Years.
Double - click the ValidityPeriodUnits REG_DWORD registry
value and change the number of days, weeks, months, or years
you want (for example, 1, 2, 3, and so on).
Stop and restart Certificate Services.