Configure Template Validity Period
Updated: February 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
If you are using an enterprise NAP certification authority (CA) to issue health certificates, you must allow Health registration Authority (HRA) to override the certificate validity period that is configured in the template.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
Use the following procedure to allow the CA to issue the new health certificate template. This procedure applies to an enterprise NAP CA only.
On the NAP CA, click Start, click Run, right-click Command Prompt, and then click Run as administrator.
In the command window, type Certutil.exe -setreg policy\EditFlags +EDITF_ATTRIBUTEENDDATE, and then press ENTER.
In the command window, type net stop certsvc && net start certsvc, and then press ENTER.
Verify that Active Directory Certificate Services (AD CS) stops and starts successfully.