

new certification authority

Posted on 2009-12-22
Medium Priority
Last Modified: 2012-05-08
I need to move our CA from an old 2003 server to a new 2008 server. I read the articles saying I need to move the CA to a new 03 server then upgrade to 08. The new server will also have a new name. Is there any easy way to do this, without having to build a new server with the same name then run ridiculous, time-consuming upgrades?
Question by:jhaff

Author Comment

ID: 26112549
I've also read articles about AD and DC cleanup. If I am moving the CA (not destroying it), do I need to go through the AD and DC cleanup?

Accepted Solution

Paranormastic earned 2000 total points
ID: 26116035
If you need to rename the CA then you will need to reissue the CA cert.  Although there are ways of doing this, it generally isn't worth it.  My advice is to set up the new CA and start migrating to it gracefully - you can have more than one CA in AD just fine.  Once you're all set, then decom the old box.  If you need to reclaim or get rid of the hardware, post back and I can show you a couple tricks to maintain the old certificates while migrating to the new box (but not issue from the old one).  If you need advice on setting up your new PKI I have a couple articles you can find from my profile.

If you were planning on going from 32 to 64 bit also, that just doesn't work.  If 32 to 32 or 64 to 64 then that could work if you keep the same keyset and such.

How to decom a CA server properly from AD:

Assisted Solution

Paranormastic earned 2000 total points
ID: 26116040
If you do just go through and move it, you need to keep the names the same and then do the upgrade, yes.  No, you don't need to do the cleanup - that would be a bad thing since it would be valid...
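
The accepted answer's side-by-side approach relies on both CAs being published in AD at the same time. As an added example (not part of the original thread or any poster's reply), this PowerShell lists every enterprise CA registered under the standard Enrollment Services container, with its host, CA certificate expiry and published templates, so you can see what the old CA still offers before decommissioning it. It assumes a domain-joined machine with read access to the Configuration partition.

```powershell
# Added example: inventory the enterprise CAs published in Active Directory.
# Assumption: run on a domain-joined machine by an account that can read
# the Configuration naming context (any authenticated user by default).

$rootDse   = [ADSI]'LDAP://RootDSE'
$configNC  = $rootDse.Properties['configurationNamingContext'].Value
$container = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

$report = foreach ($ca in $container.Children) {
    # cACertificate holds the DER-encoded CA certificate(s); decode the first one.
    $raw  = $ca.Properties['cACertificate']
    $cert = $null
    if ($raw.Count -gt 0) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList (,[byte[]]$raw[0])
    }

    # certificateTemplates lists the templates this CA is configured to issue.
    $templates = @($ca.Properties['certificateTemplates'] |
                   ForEach-Object { [string]$_ } | Sort-Object)

    New-Object PSObject -Property @{
        CAName        = [string]$ca.Properties['cn'].Value
        Host          = [string]$ca.Properties['dNSHostName'].Value
        Subject       = if ($cert) { $cert.Subject } else { '(no CA certificate published)' }
        CACertExpires = if ($cert) { $cert.NotAfter } else { $null }
        TemplateCount = $templates.Count
        Templates     = $templates -join ', '
    }
}

# One block per CA; the old and new CA should both appear during the migration.
$report | Sort-Object CAName |
    Select-Object CAName, Host, Subject, CACertExpires, TemplateCount, Templates |
    Format-List
```

A CA whose TemplateCount is 0 is still published and trusted but no longer offers any templates for enrollment.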
