• Status: Solved

Transferring Certificate Authority to a different Active Directory server

I am fairly new at dealing with Certificate Authorities but here is my situation.

I currently have my Certificate Authority running on a domain controller.  For various reasons I would like to move the Certificate Authority to a different domain controller.  I have found several articles on how to move the CA to a new server that will have the same name as the old server but none explaining how to actually deal with a move to a completely different server with a different name.  

I don’t have too many Web Site certificates issued from the current CA so it would not be the end of the world to reissue those again from the new CA.  When I look at my CA under “Issued Certificates” I see what appears to be a certificate for every computer on my domain.  I’m unsure of what these certificates do or how they would be handled if I transfer the CA to a new server.  Any explanation of these would be useful.

Finally is there a way to fully back up the CA on the current machine so that if there was a problem after moving to the new server I could revert back?

Thanks for your assistance.

2 Solutions
1. U can NEVER change the CA server name. You even have that warning when u install your CA.
2. To back up the CA u have two methods:
a. from ntbackup > System State > select the Certificate Server.
b. or from the certificates MMC console > certificate server > rt click > all tasks > backup CA

But I do recommend that u make a FULL backup for that server too and make sure u are able to restore that server if something bad happens.

Life could get somehow harder if u have an enterprise root ca / subordinate ca / lots of forest and external trusts ...etc. U said nothing about your CA hierarchy.
3. What are the certificates for??
In your case, if we are only talking about certificates from the WEB Server, then these certificates are for supplying the SSL public / private session encryption keys.

Ur welcomed for any more help..
Kini pradeep, IT Technology Senior Consultant, commented:
check this out:

make sure that you keep the same name as described by drtoto82.
also make sure that the reg keys are backed up before uninstalling the CA from the existing server.
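
A command-line version of the backup steps mentioned in the two replies above (the "backup CA" task plus the registry keys), as an added example that is not part of either poster's reply. It assumes an elevated PowerShell prompt on the current CA server; `$BackupRoot` and the output file name are hypothetical, while `certutil -backup`, `reg export` and the `CertSvc\Configuration` key are standard Windows components.

```powershell
# Added example: run elevated on the server that currently hosts the CA.
# $BackupRoot is a hypothetical path; use storage whose access you can restrict,
# because the .p12 written below contains the CA private key.
$BackupRoot = 'D:\CABackup'
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$Target     = Join-Path $BackupRoot $Stamp
$CertSvcKey = 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

New-Item -ItemType Directory -Path $Target -Force | Out-Null

# 1. CA database plus CA certificate and private key (same content as the
#    console's "Back up CA" task). No -p switch is passed, so certutil prompts
#    for the .p12 password and it never lands in command history.
& certutil.exe -backup $Target
if ($LASTEXITCODE -ne 0) { throw "certutil -backup failed with exit code $LASTEXITCODE" }

# 2. CA configuration stored in the registry (the "reg keys" from the reply above).
$RegFile = Join-Path $Target 'CertSvc-Configuration.reg'
& reg.exe export $CertSvcKey $RegFile
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# 3. CAPolicy.inf exists only if one was used when the CA was installed.
$Policy = Join-Path $env:windir 'CAPolicy.inf'
if (Test-Path $Policy) { Copy-Item -Path $Policy -Destination $Target }

# 4. Verify the pieces needed for a rollback are really there before
#    touching the CA role on the old server.
$P12 = Get-ChildItem -Path $Target -Filter '*.p12'
$Edb = Get-ChildItem -Path (Join-Path $Target 'DataBase') -Filter '*.edb' -ErrorAction SilentlyContinue
if (-not $P12) { throw 'No .p12 found: CA certificate and private key were not backed up.' }
if (-not $Edb) { throw 'No .edb found: CA database was not backed up.' }
if ((Get-Item $RegFile).Length -eq 0) { throw 'Registry export is empty.' }

# Inventory of what was captured, for the change record.
Get-ChildItem -Path $Target -Recurse -File |
    Select-Object FullName, Length, LastWriteTime
```

Keep the resulting folder offline or on access-restricted storage, and treat the .p12 password with the same care as the CA key itself.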
Forced accept.

EE Admin