Kenan
asked on
Decommission Windows Server 2003 CA
Hello,
I have one 2003 CA server in my domain. I just installed another CA on 2008 R2 and I am planning to decommission the old CA. I will revoke old certificates and use the new CA infrastructure. No need to migrate anything. I found the following Microsoft KB:
http://support.microsoft.com/kb/889250
If I decommission the old CA this way, are there any repercussions that I should be aware of? Is this enough or are there other steps that I should do in order to make the new CA function?
Thanks
ASKER
What I'm concerned about is the following:
When Microsoft Certificate Services is installed on a server that is a member of a domain, several objects are created in the configuration container in Active Directory.
These objects are the following:
certificateAuthority object
Located in CN=AIA,CN=Public Key Services,CN=Services,CN=Co
Contains the CA certificate for the CA.
Published Authority Information Access (AIA) location.
crlDistributionPoint object
Located in CN=ServerName,CN=CDP,CN=Pu
Contains the CRL periodically published by the CA.
Published CRL Distribution Point (CDP) location
certificationAuthority object
Located in CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Co
Contains the CA certificate for the CA.
pKIEnrollmentService object
Located in CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Co
Created by the enterprise CA.
Contains information about the types of certificates the CA has been configured to issue. Permissions on this object can control which security principals can enroll against this CA.
Are any of these AD objects shared between both CA servers?
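A read-only way to check this before removing anything, as an added example that is not part of the original post or the Microsoft KB article: it lists the objects under the four containers named above so each one can be matched to the CA that owns it. It assumes the ActiveDirectory PowerShell module is available and an account that can read the configuration partition; grouping by object name assumes each CA's objects are named after that CA.

```powershell
# Added example: read-only inventory of the PKI objects listed in the post.
# Nothing here modifies or deletes directory data.
Import-Module ActiveDirectory

# Resolve the configuration partition from RootDSE instead of hard-coding it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Containers named in the post, with the schema class of the objects they hold.
$containers = @(
    @{ Name = 'AIA';                       Class = 'certificationAuthority' },
    @{ Name = 'CDP';                       Class = 'cRLDistributionPoint'   },
    @{ Name = 'Certification Authorities'; Class = 'certificationAuthority' },
    @{ Name = 'Enrollment Services';       Class = 'pKIEnrollmentService'   }
)

$inventory = foreach ($c in $containers) {
    # Subtree scope is needed because CDP objects sit one level down,
    # under a container named after the CA server.
    Get-ADObject -SearchBase "CN=$($c.Name),$pkiBase" -SearchScope Subtree `
                 -Filter "objectClass -eq '$($c.Class)'" `
                 -Properties dNSHostName, whenCreated |
        Select-Object @{ n = 'Container'; e = { $c.Name } },
                      Name, ObjectClass, dNSHostName, whenCreated,
                      DistinguishedName
}

# Full listing: one row per object, sorted so each CA's objects sit together.
$inventory | Sort-Object Name, Container |
    Format-Table Container, Name, dNSHostName, whenCreated -AutoSize -Wrap

# Summary: which containers hold an object for each name.
# (Assumption: the object name identifies the owning CA.)
$inventory | Group-Object Name | ForEach-Object {
    [pscustomobject]@{
        ObjectName = $_.Name
        Containers = ($_.Group.Container | Sort-Object -Unique) -join ', '
        Count      = $_.Count
    }
} | Format-Table -AutoSize
```

Saving the output before and after the decommissioning steps gives a record of exactly which objects were removed and confirms the new CA's entries were left in place.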