Morning Guys, I tried to renew my certificate as I noticed it has expired - message "This certificate has expired or is not yet valid". When I right click in the certificates snapin and click renew I get the following message SATUS:Failed Key not valid for use in specified state. A certificate request could not be created I'm running a Microsoft PKI Infrastructure on Windows 2003 SP2 All opinions welcome. thanks

how is the certificate original created ?Kind regards, Dennis van Wankum MCSA - MCDST - MCP

You cannot renew a certificate that is expired. The reason is that a renewal request is signed by the previous certificate. Since the certificate has expired, the signature validation check fails. You must simply request a new certificate, rather than renewing the previous certificate. Brian

The certificate was originally automatically issued by AD. So when I request a new certificate can I go ahead and delete the previous certificate. if I do what, will become of the files which were encrypted with the previous cert, will still still be valid? Most importantly, how can I renew the expiring certs of my other users before the run into the same problem. Thanks

You cannot renew a certificate that is expired. The reason is that a renewal request is signed by the previous certificate. Since the certificate has expired, the signature validation check fails. You must simply request a new certificate, rather than renewing the previous certificate. Brian Ouch... Is there any workaround with setting (clock back so cert become valid again), generate reneval request, extract it and submit manually?