VSS KB Articles

How to disable cache in Firefox
12/4/2018
How to disable cache in Firefox, Type in the address bar about:config,Type in the search bar browser.cache


Windows unable to upgrade due to USB install of OS
10/21/2018
Windows unable to upgrade due to USB install of OS Windows 8.1 / Windows 10


How to Configure DNS on a Domain Controller with Two IP Addresses
7/12/2018
How to Configure DNS on a Domain Controller with Two IP Addresses; Configure DNS on a DC with two IP addresses


How to safeguard from the SWEET32
7/12/2018
How to safeguard from the SWEET32 Issue, CVE-2016-2183, Disable RC4 and 3DES on Windows Server


Redirect from HTTP to HTTPS using the IIS URL Rewrite module
2/12/2018
This is the most common requirement on most of the Exchange servers hosted on IIS. The server admins configure an http to https redirect.


    

1/9/2018
How to Change/Extend the Expiration Date of Certificates

Symptoms

1. Need to change/extend the subordinate CA certificate validity

2. CA certificate and the template is valid for 5 years but certificates that are issued is showing only 2 years validity.

3. Certificates issued by the CA should be valid only for  3 months irrespective of the template validity or CA validity.

Cause

The validity of a certificate is dependant on below values:
        a. Remaining lifetime of Issuing CA certificate.
        b. Validity as specified in the certificate template.
        c. Registry entries on the CA as described in
http://support.microsoft.com/kb/254632/ Jump

Issued certificate will have the least of above values as the certificate validity.

Resolution

1. Need to change/extend the subordinate CA certificate validity

   On the Root/Parent CA check the below registry entries.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

              ValidityPeriod

              ValidityPeriodUnits

   ValidityPeriod can have "Days" "Weeks" "Months" "Years" as values

   ValidityPeriodUnits can be an integer as per requirement.

   Restart the certificate services on the Root/Parent CA.

   Renew the Subordinate CA certificate.

2. CA certificate and the template is valid for 5 years but certificates that are issued is showing only 2 years validity. Need to have certificates issued based on template validity.

  Check the registry key on the Issuing CA and update the values as required.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

  ValidityPeriod can have "Days" "Weeks" "Months" "Years" as values. Set it to "Years"

  Set the ValidityPeriodUnits equivalent to the CA certificate validity.

  Restart the certificate services on the Issuing CA.

  Issue/Renew the certificate.

3. Certificates issued by the CA should be valid only for a 3 months irrespective of the template validity or CA certificate validity. 

  On the Issuing CA, open registry.

              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

  Set the ValidityPeriod to "Months"

  Set the ValidityPeriodUnits to 3.

  Restart the certificate services on the Issuing CA.

  Issue/Renew the certificate.