We are experiencing a high-priority issue on-site at a customer which requires remediating ASAP, so your fast assistance will be greatly appreciated! The issue in question relates to the deployment of Active Directory Certificate Services in Enterprise mode on Windows Server 2012 R2. We have a single CA system which had only the Certification Authority server role installed on it, and then a separate server which has the Certificate Authority OCSP Responder role installed on it.
The CA and the OCSP responder are integrated with a Thales Connect network-attached HSM to store the private key.
The CA and the OCSP responder are fully operational and working as expected; however, there is one exception.
The OCSP Responder is configured to create its private keys in the HSM (with Thales module protection) with the CNG provider. The certificate template has been configured with the following renewal and validity periods and auto enrolment via the OCSP server.
However, regardless of the settings above, the OCSP certificate and its corresponding private key are being renewed every 4 hours.
Can you please advise how we can resolve this issue? We simply need the renewal period to be every 3 weeks with a validity of 1 month.