Moving Win 2003 Certificate Authority to Another Server

I currently have a enterprise root CA running under Win 2003 standard. I know this is not the best scenario but when I aquired the server for administration it was a DC with the CA and Exchange. We removed the DC a couple of years ago and that left the CA and Exchange. I need to move the CA and upgrade it to 2003 Enterprise Server. That would give a stand alone CA and a stand alone Exchange server.

I have read that the CA can be moved to a new server with the same same or with a different name. However, what I have found says the CA name must stay the same. Well, the CA has the same name as the Exchange server name since they were on the same box. I need to keep the Exchange name. I not so sure it would be a good idea that if the CA were moved to a new server with a different  same name yet keep the same name as the Exchange server.

I have also read that a CA could be decomissioned and removed from the network. The root CA cert expires in 2 months and there will be no outstanding certificates. So with the expiration coming up, couldn't I pull the CA and decommission it. Completely remove it from the organization and then set up a new CA with a different name on the new server?

Also, I am lacking a physical server to load the CA on, but I do have a virtual environment that I could install the CA. This environmant is at a remote sight under a differnt subnet. It is part of the domain as there are two DCs at that site and are connected through AD Sites and Services. We have a dedicated private site to site 10meg fibre connection.  Ideally I would like to have it a my main site, but if not, would this cause any issues? I am thinking it shouldn't.
barrykeelAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

praveenkumare_spCommented:
no this souldn't cause any issue
0
barrykeelAuthor Commented:
What part are you talking about, the decomission and reinstall or the location at the remote site or both shouldn't be an issue?
0
praveenkumare_spCommented:
as u have mentioned there are no outstanding certificates from the CA , u can go ahead and decommision the old CA and set up a new CA
0
barrykeelAuthor Commented:
When I say outstanding, I mean there will be no outstanding after they have been revoked. All certs will be up for renewal in a couple of months but my plans are to decommission some time before the expiration date. I followed the kb article 889250 in a test environment and that seemed to work ok. I would revoke the certs before I decommissioned and uninstalled per the article. Also do the AD cleanup.
0
praveenkumare_spCommented:
yes the information that u have collected fron technet is dead accurate

u will have to follow the steps , as u have all the info i just replied saying "no this souldn't cause any issue "
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.