AD CS : Change the RootCA Validity Period

Change the RootCA Validity Period

certutil -setreg ca\ValidityPeriod “Years”
certutil -setreg ca\ValidityPeriodUnits “10”

When new certificates are generated for the subordinate this will cause the default lifetime for the subordinates to have the same vailidity period as the root CA, therefore change the vailidity period on the subordinate.

Change the subordinateCA Validity Period

certutil -setreg ca\ValidityPeriod “Years”
certutil -setreg ca\ValidityPeriodUnits “1”