we have about half dozen EFS certificates issued to users.
We would like to decomission the existing CA (and leave the server in place http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_26626321.html
We don't mind changing the name of the root CA, we just are concerned of loosing the ability to reover any files encrypted by people on leave... if we uninstall the 2003 CA from the server and install a new CA root on 2008 R2.
SOme of the certificates expire in 1 year... We might not be able to locate all the encrypted files at this point in time
Will backing up the private key be enough to access encrypted files even after the CA is removed ? How does one go about recovering those files in that case ?
Can you provide a brief procedure to follow if we are happy to get rid of the old CA? is it a matter of:
1)backup existing CA key
2)uninstall CA from 2003
3) install new CA on 2008 R2
THanks for you help.