Solved

Transferring Certificate Authority to a different Active Directory server

Posted on 2007-04-05
4
1,128 Views
Last Modified: 2013-12-04
I am fairly new at dealing with Certificate Authorities but here is my situation.

I currently have my Certificate Authority running on a domain controller.  For various reasons I would like to move the Certificate Authority to a different domain controller.  I have found several articles on how to move the CA to a new server that will have the same name as the old server but none explaining how to actually deal with a move to a completely different server with a different name.  

I don’t have too many Web Site certificates issues from the current CA so it would not be the end of the world to reissue those again from the new CA.  When I look at my CA under “Issued Certificates” I see what appears to be a certificate for every computer on my domain.  I’m unsure of what these certificates do or how they would be handled if I transfer the CA to a new server.  Any explanation of these would be usefull.

Finally is there a way to fully back up the CA on the current machine so that if there was a problem after moving to the new server I could revert back?

Thanks for your assistance.

Andy
0
Comment
Question by:dmaxIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 5

Accepted Solution

by:
drtoto82 earned 250 total points
ID: 18861893
1. U can NEVER change the CA server name . You even have that warning when u install your CA.
2. To backup the CA u have two methods :
a. from ntbackup :> System State > select the Certificate Server .
b. or from the certificates mms console > certificate server > rt click > all tasks > backup CA

But , I do recommend that u make a FULL backup for that server too and make sure u are able to restore that server if something bad happens.

Life could get somehow harder if u have an enterprise root ca / subordinate ca / lots of forest and external trusts ...etc. U said nothing about your CA hierarchy.
3. What are the certificates for ??
In your case , if we are only talking about certificates from the WEB Server , then these certificates are for supplying the SSL public / private session encryption keys.

Ur welcomed for any more help ..
0
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 250 total points
ID: 18896426
check this out:

http://support.microsoft.com/kb/298138
make sure that you keep the same name as described by drtoto82.
also make sure that the reg keys are backed before uninstalling the CA from the existing server.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20703228
Forced accept.

Computer101
EE Admin
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question