Ok, thought I had this down a year ago but find myself confused again. I have a CSG implementation that I did last year using an internal cerification authority. Now that the server certificate is expiring in 2 weeks and I would like to upgrade CSG/NFuse I am revisiting the whole thing. Basically I have 2 certificate servers that I setup internally, one root and the other a sub-ordinate. I installed server certificates from the sub-ordinate on both the NFuse and CSG server. In order to connect users needed 2 certificates, the CA Certificate from both the root and sub-ordinate CA. The one from the root CA is good until 2008, the other expires every year. First question, am I doing this right or do I have it all borked up? My understanding is using internal CA's I have to give certificates to the users. What I don't like is having to re-issue certificates yearly. I was hoping that I would be able to simply renew the server certificates on the NFuse and CSG server and that would be it. Second question (assuming I haven't messed up everything else) is how to I extend the expiration on the subordinate certificate? The root CA's certificate is good for 5 years, the sub-ordinates only 1. Thanks in advance, Mike MacDonald