Transferring Certificate Authority to a different Active Directory server

I am fairly new at dealing with Certificate Authorities but here is my situation.

I currently have my Certificate Authority running on a domain controller.  For various reasons I would like to move the Certificate Authority to a different domain controller.  I have found several articles on how to move the CA to a new server that will have the same name as the old server but none explaining how to actually deal with a move to a completely different server with a different name.  

I don’t have too many Web Site certificates issues from the current CA so it would not be the end of the world to reissue those again from the new CA.  When I look at my CA under “Issued Certificates” I see what appears to be a certificate for every computer on my domain.  I’m unsure of what these certificates do or how they would be handled if I transfer the CA to a new server.  Any explanation of these would be usefull.

Finally is there a way to fully back up the CA on the current machine so that if there was a problem after moving to the new server I could revert back?

Thanks for your assistance.

Andy
dmaxITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

drtoto82Commented:
1. U can NEVER change the CA server name . You even have that warning when u install your CA.
2. To backup the CA u have two methods :
a. from ntbackup :> System State > select the Certificate Server .
b. or from the certificates mms console > certificate server > rt click > all tasks > backup CA

But , I do recommend that u make a FULL backup for that server too and make sure u are able to restore that server if something bad happens.

Life could get somehow harder if u have an enterprise root ca / subordinate ca / lots of forest and external trusts ...etc. U said nothing about your CA hierarchy.
3. What are the certificates for ??
In your case , if we are only talking about certificates from the WEB Server , then these certificates are for supplying the SSL public / private session encryption keys.

Ur welcomed for any more help ..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kini pradeepPrincipal Cloud and security consultantCommented:
check this out:

http://support.microsoft.com/kb/298138
make sure that you keep the same name as described by drtoto82.
also make sure that the reg keys are backed before uninstalling the CA from the existing server.
0
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.