Solved

Transferring Certificate Authority to a different Active Directory server

Posted on 2007-04-05
4
1,127 Views
Last Modified: 2013-12-04
I am fairly new at dealing with Certificate Authorities but here is my situation.

I currently have my Certificate Authority running on a domain controller.  For various reasons I would like to move the Certificate Authority to a different domain controller.  I have found several articles on how to move the CA to a new server that will have the same name as the old server but none explaining how to actually deal with a move to a completely different server with a different name.  

I don’t have too many Web Site certificates issues from the current CA so it would not be the end of the world to reissue those again from the new CA.  When I look at my CA under “Issued Certificates” I see what appears to be a certificate for every computer on my domain.  I’m unsure of what these certificates do or how they would be handled if I transfer the CA to a new server.  Any explanation of these would be usefull.

Finally is there a way to fully back up the CA on the current machine so that if there was a problem after moving to the new server I could revert back?

Thanks for your assistance.

Andy
0
Comment
Question by:dmaxIT
4 Comments
 
LVL 5

Accepted Solution

by:
drtoto82 earned 250 total points
ID: 18861893
1. U can NEVER change the CA server name . You even have that warning when u install your CA.
2. To backup the CA u have two methods :
a. from ntbackup :> System State > select the Certificate Server .
b. or from the certificates mms console > certificate server > rt click > all tasks > backup CA

But , I do recommend that u make a FULL backup for that server too and make sure u are able to restore that server if something bad happens.

Life could get somehow harder if u have an enterprise root ca / subordinate ca / lots of forest and external trusts ...etc. U said nothing about your CA hierarchy.
3. What are the certificates for ??
In your case , if we are only talking about certificates from the WEB Server , then these certificates are for supplying the SSL public / private session encryption keys.

Ur welcomed for any more help ..
0
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 250 total points
ID: 18896426
check this out:

http://support.microsoft.com/kb/298138
make sure that you keep the same name as described by drtoto82.
also make sure that the reg keys are backed before uninstalling the CA from the existing server.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 20703228
Forced accept.

Computer101
EE Admin
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question