Moving Win 2003 Certificate Authority to Another Server

I currently have an enterprise root CA running under Win 2003 Standard. I know this is not the best scenario, but when I acquired the server for administration it was a DC with the CA and Exchange. We removed the DC a couple of years ago and that left the CA and Exchange. I need to move the CA and upgrade it to 2003 Enterprise Server. That would give a stand-alone CA and a stand-alone Exchange server.

I have read that the CA can be moved to a new server with the same name or with a different name. However, what I have found says the CA name must stay the same. Well, the CA has the same name as the Exchange server name since they were on the same box. I need to keep the Exchange name. I am not so sure it would be a good idea if the CA were moved to a new server with a different name yet kept the same name as the Exchange server.

I have also read that a CA could be decommissioned and removed from the network. The root CA cert expires in 2 months and there will be no outstanding certificates. So with the expiration coming up, couldn't I pull the CA and decommission it? Completely remove it from the organization and then set up a new CA with a different name on the new server?

Also, I am lacking a physical server to load the CA on, but I do have a virtual environment that I could install the CA in. This environment is at a remote site under a different subnet. It is part of the domain, as there are two DCs at that site and they are connected through AD Sites and Services. We have a dedicated private site-to-site 10meg fibre connection. Ideally I would like to have it at my main site, but if not, would this cause any issues? I am thinking it shouldn't.
barrykeel Asked:
 
praveenkumare_sp Commented:
Yes, the information that you have collected from TechNet is dead accurate.

You will have to follow the steps. As you have all the info, I just replied saying "no, this shouldn't cause any issue".
 
praveenkumare_sp Commented:
No, this shouldn't cause any issue.
 
barrykeel (Author) Commented:
What part are you talking about: the decommission and reinstall, or the location at the remote site, or both shouldn't be an issue?
 
praveenkumare_sp Commented:
As you have mentioned there are no outstanding certificates from the CA, you can go ahead and decommission the old CA and set up a new CA.
 
barrykeel (Author) Commented:
When I say outstanding, I mean there will be no outstanding after they have been revoked. All certs will be up for renewal in a couple of months, but my plans are to decommission some time before the expiration date. I followed the KB article 889250 in a test environment and that seemed to work OK. I would revoke the certs before I decommissioned and uninstalled per the article. Also do the AD cleanup.
Question has a verified solution.
