There have been a number of changes to the security certificate world lately. Validity periods have shrunk from 5 years to 3 years and now to 2 years. SHA256 has taken over the world. Wildcard certificates have gone from risky to accepted and supported in many scenarios. All this means we are all rekeying and deploying certificate’s a lot more. Just to make it more fun, there are more options involved. So, it is best to make the task as error free and quick as possible.
Switching a certificate from ‘Signature’ to ‘Exchange’, or the reverse, is fairly easy. Just use the certutil utility.
WINS is old but still in use and required in many environments. I upgraded a 2003 domain to 2008 R2 recently and discovered something about WINS that is worth knowing if you are installing it on a 2008 R2 or 2012 server.
When you add the WINS feature, it appears to install correctly but some of the server settings are corrupt. Specifically, if you open the server settings and select the ‘Intervals’ tab you will see this: