Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1139
  • Last Modified:

Transferring Certificate Authority to a different Active Directory server

I am fairly new at dealing with Certificate Authorities but here is my situation.

I currently have my Certificate Authority running on a domain controller.  For various reasons I would like to move the Certificate Authority to a different domain controller.  I have found several articles on how to move the CA to a new server that will have the same name as the old server but none explaining how to actually deal with a move to a completely different server with a different name.  

I don’t have too many Web Site certificates issues from the current CA so it would not be the end of the world to reissue those again from the new CA.  When I look at my CA under “Issued Certificates” I see what appears to be a certificate for every computer on my domain.  I’m unsure of what these certificates do or how they would be handled if I transfer the CA to a new server.  Any explanation of these would be usefull.

Finally is there a way to fully back up the CA on the current machine so that if there was a problem after moving to the new server I could revert back?

Thanks for your assistance.

Andy
0
dmaxIT
Asked:
dmaxIT
2 Solutions
 
drtoto82Commented:
1. U can NEVER change the CA server name . You even have that warning when u install your CA.
2. To backup the CA u have two methods :
a. from ntbackup :> System State > select the Certificate Server .
b. or from the certificates mms console > certificate server > rt click > all tasks > backup CA

But , I do recommend that u make a FULL backup for that server too and make sure u are able to restore that server if something bad happens.

Life could get somehow harder if u have an enterprise root ca / subordinate ca / lots of forest and external trusts ...etc. U said nothing about your CA hierarchy.
3. What are the certificates for ??
In your case , if we are only talking about certificates from the WEB Server , then these certificates are for supplying the SSL public / private session encryption keys.

Ur welcomed for any more help ..
0
 
Kini pradeepIT Technology Senior ConsultantCommented:
check this out:

http://support.microsoft.com/kb/298138
make sure that you keep the same name as described by drtoto82.
also make sure that the reg keys are backed before uninstalling the CA from the existing server.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now