Validity and renewal periods

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Certificate-based cryptography uses public-key cryptography to protect and sign data. Over time, attackers can obtain data protected with the public key and attempt to derive the private key from it. Given enough time and resources, this private key could be compromised, which would leave all data protected with it unprotected. The names guaranteed by a certificate may also need to change over time. Because a certificate is a binding between a name and a public key, the certificate should be renewed when either of these changes.

Validity periods

Certificates are valid for a specific length of time, which is the validity period. The validity period is expressed as a length of time that begins when the certificate is issued. When that length of time has elapsed, the certificate is no longer valid and cannot be trusted. Because an expired certificate can cause problems, certificates can be renewed to extend their validity period.

Renewal periods

A renewal period is the amount of time before the end of the validity period during which the subject will renew the certificate using autoenrollment. Renewing the certificate during this interval ensures that last-minute requests for certificate renewal can be serviced before the certificate expires, which allows uninterrupted use of the certificate.
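
The relationship between the two periods, as an added example that is not part of the original documentation: a PowerShell function that reports where the current time falls relative to each certificate's validity period and a given renewal period. The function name Get-CertRenewalState, the six-week renewal period and the sample certificates are assumptions constructed for illustration.

```powershell
# Added example. Get-CertRenewalState is a hypothetical helper, not a Windows cmdlet.
function Get-CertRenewalState {
    param(
        [Parameter(ValueFromPipeline = $true)] $Certificate,
        # Assumed renewal period of six weeks; use the value from your template.
        [TimeSpan] $RenewalPeriod = (New-TimeSpan -Days 42),
        [DateTime] $Now = (Get-Date)
    )
    process {
        # The renewal window opens RenewalPeriod before the validity period ends.
        $renewFrom = $Certificate.NotAfter - $RenewalPeriod

        # Choice made by this example (not documented Windows behaviour): if the
        # renewal period exceeds the validity period, open the window at issuance.
        if ($renewFrom -lt $Certificate.NotBefore) { $renewFrom = $Certificate.NotBefore }

        if     ($Now -lt $Certificate.NotBefore) { $state = 'NotYetValid' }
        elseif ($Now -ge $Certificate.NotAfter)  { $state = 'Expired' }
        elseif ($Now -ge $renewFrom)             { $state = 'RenewalWindow' }
        else                                     { $state = 'Valid' }

        [pscustomobject]@{
            Subject   = $Certificate.Subject
            NotAfter  = $Certificate.NotAfter
            RenewFrom = $renewFrom
            DaysLeft  = [math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
            State     = $state
        }
    }
}

# Constructed sample certificates (not real), evaluated at a fixed point in time.
$now = [DateTime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=web01.example.test'
        NotBefore = [DateTime]'2023-07-01'; NotAfter = [DateTime]'2024-07-01' }
    [pscustomobject]@{ Subject = 'CN=mail01.example.test'
        NotBefore = [DateTime]'2024-01-01'; NotAfter = [DateTime]'2025-01-01' }
    [pscustomobject]@{ Subject = 'CN=old01.example.test'
        NotBefore = [DateTime]'2023-05-01'; NotAfter = [DateTime]'2024-05-01' }
)
$sample | Get-CertRenewalState -Now $now | Format-Table -AutoSize

# Against a real store, the same function accepts certificate objects:
#   Get-ChildItem Cert:\LocalMachine\My | Get-CertRenewalState
```

Certificates reported as Expired, or as RenewalWindow with few days left, are the ones where renewal has not happened in time and uninterrupted use is at risk.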