Saturday, February 25, 2012

certificate start date is tomorrow - how to make it today?

Hi,

I use MS certificate server to request/make server certs but the "not before", or start date is tomorrow for a 1 year cert. I dont care how long but I want the cert to start immediately (today).

Regards,

Simon.

If you are importing this certificate into SQL Server for use with encryption and signing, start and expiration are actually ignored by the server so you can use it as soon as you import it.

Otherwise, I would consult the documentation that came with Microsoft Security Server? I will try to do some research and post anything I find.

Thanks,

Sung

|||

Thanks Sung,

It's not actually for SQL server so maybe I missed the mark for the correct forum for this one.

I know lots of apps ignore the cert's validity dates which is maybe why this problem doesn't get reported more often. Also, I am in Australia so maybe their is some UTC effect going on.

Any help would be appreciated.

Simon.

|||

I think you are referring to the following known issue: https://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=125262. The issue is that the certificate validity dates are stored based on the local time instead of using GMT. The workaround is to explicitly set the start_date to the desired GMT time.

Thanks
Laurentiu

|||

Sorry, this is not a SQL server problem but a CertSrv problem and I dont know how to specify these validity dates for it.

Question reposted on "Security for Applications in Windows Vista "

Thanks,

Simon.

|||

Btw, for anyone looking,

My problem was just the timezone on the server was GMT-8 (USA), not GMT+10 (Australia) so the certs were out by 24 hours.

Cheers.

No comments:

Post a Comment