Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

setting certificate lifetime with MS CA with SCEP

I am using an MS certificate authority (CA) to issue certificates to VPN routers using the SCEP add on. The template that the CA is using for this specifies a certificate lifetime of 2 years but the certs that the routers are receiving expire in 1 year.

I can't tell if the routers are requesting this shorter lifetime (and if they are I can't find any way to change the default), or if the SCEP plugin is causing this.

I need to either get this to 2 years or figure out how to get the routers to renew automatically (auto-enroll) while the CA requires a SCEP challenge password. I can get auto-enroll working when there isn't a challenge password, but it fails when that's turned on.

Thanks in advance...