Windows Server 2008 R2 creating a multi-year client certificate using the IIS certsrv page while deploying SSTP VPN

Question

I am trying to follow instructions on Technet about deploying a Standard (non-enterprise) SSTP based VPN) that were originally written for Server 2008, but I am using Server 2008 R2, I have gotten as far as the part where it asks you to create a request a Server Authentication certificate. I have deployed IIS, and Active Directory Certificate Services, and chose "Standalone" and "Standard" (non-enterprise) Certificate Authority because I don't have an OID and don't think I should have to get one for a simple deployment of SSTP.

The resulting certificates made by the Certification Authority "Issue" command, only have a 1 year period of validity, I want a multi-year certificate.

At no point in this process is there any way to input this information unless it's through the Attributes text input area on the Advance Certificate Request page, which appears to be generated using an old ActiveX control, which means I can only do this using the workarounds in the article that I linked at the top, and only using Internet Explorer.

Update:: I got stuck also at "The revocation function was unable to check revocation", and the VPN connection fails. This is covered by the KB article linked here.

Answer 1

Open the Certificate Template MMC console (certtmpl.msc). Right click the certificate template you want to modify, and click Duplicate Template. On the General tab, change the Validity Period to the desired time. You probably want to change the name as well.

Now, you want to request a certificate from the new template. You may need to add the certificate template in Certification Authority MMC console to get the new template to appear online.