I have a few questions regarding the following scenario:
I have an enterprise CA running on a Windows 2003 DC that needs to be replaced. I have about 100 smartcard logon certificates issued by that CA (used for Token auth) and a few other certs (webservers and such).
My questions are:
- If I move that CA to new server hardware with the same OS and an identical server name, do the certificates continue to work or will I have to re-issue?
- I already have installed the replacement server with a different server name as a DC. Forest and domain level are Windows 2003. Will I be able to rename that DC and restore the CA successfully?
- I have found an article (http://windowsitpro.com/article/articleid/97565/moving-a-certificate-authority-ca-to-another-dc.html) that states that I can use a different server name when I change the CAServername setting before I import the reg key on the new server. Does anyone have experience with this? I assume if this really works the certs will become invalid, correct?
If anyone has some useful information and maybe some tips and tricks, I would really appreciate it.
Thanks in advance