I recently set up smart card logon for admins, but I've hit a roadblock since the certificates have expired. I know I can enable passwords again without issue, but the challenge is requesting new certificates. My PC indicates that it doesn't trust the CA because its certificate has also expired. On the server side, it seems to be trying to enroll the same expired certificates, which is failing. Can anyone guide me on how to reissue these certificates?
3 Answers
If you've already fixed the root CA and can reissue smart card certificates now, that’s a good sign! Just remember that the issuing CA can only issue certificates up to its own expiration date. An expired issuing CA certificate can really cause some headaches for authentication, so keep an eye on those expiration dates in the future!
It sounds like the CA certificate expired first, which is why the smart card certificates are also showing as expired, since they were only valid until the CA expiration. Make sure to refresh the CA certificate first. That’s the crucial step during this process!
Totally agree! I was in a similar situation, and fixing the CA was what got everything back on track.
Definitely check if it’s the issuing CA certificate that expired instead of the root. Usually, root certificates last quite a while, like 10 years, while issuing ones are around 5 years. Always good to keep track of those timelines!

Exactly, letting the issuing CA's cert expire can lead to major issues, as you’re experiencing. It’s good that you resolved the CA problem!
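To see which certificate in the chain is the one that expired (leaf, issuing CA, or root), the following PowerShell sketch walks the chain of every smart card logon certificate and lists each element's expiry. It is an added example and not part of any answer above; the `CurrentUser\My` store location, the 60-day warning window, and the function name `Get-ChainExpiry` are assumptions.

```powershell
# Added example: list the expiry of every certificate in each smart card logon chain.
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$WarnDays = 60                                   # assumed warning window

function Get-ChainExpiry {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so an unreachable CRL does not mask the expiry result.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($Certificate)   # elements are populated even when Build fails

    $depth = 0
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Depth    = $depth          # 0 = leaf, highest = top of the chain found
            Subject  = $c.Subject
            NotAfter = $c.NotAfter
            DaysLeft = [int]($c.NotAfter - (Get-Date)).TotalDays
            Status   = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        }
        $depth++
    }
    $chain.Reset()
}

# Select certificates whose EKU extension contains Smart Card Logon.
$leafs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $SmartCardLogonOid })
}

foreach ($leaf in $leafs) {
    $elements = @(Get-ChainExpiry -Certificate $leaf)
    $elements | Format-Table Depth, Subject, NotAfter, DaysLeft, Status -AutoSize

    # The earliest NotAfter in the chain caps how long the leaf can be trusted.
    $first = $elements | Sort-Object NotAfter | Select-Object -First 1
    if ($first.DaysLeft -lt $WarnDays) {
        Write-Warning ("Depth {0} ({1}) expires {2:yyyy-MM-dd}; renew it before reissuing certificates below it." -f
            $first.Depth, $first.Subject, $first.NotAfter)
    }
}
```

A `NotTimeValid` status on an element above depth 0 means a CA certificate has expired, not just the smart card certificate, which matches the situation described in the question.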