• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 918
  • Last Modified:

Upgrading my Two-Tier PKI from Server 2003 to Server 2008R2

I'm planning an OK upgrade to the servers in my 2-tier PKI and there's a couple things I'm not clear on.

Here's what I have:
A Standalone Offline Root CA (non-domain joined, not on the network) running Server 2003 Standard SP2.
An Issuing CA (online, domain joined) running Server 2003 Enterprise SP2.

I need to upgrade my issuing CA to Server 2008 R2 SP1, which for my purposes seems to be safely done as an in-place upgrade.

What I'm unclear on is this:
1) Do I need to upgrade the OS on my RootCA as well?
2) If so, which machine should I upgrade first?
3) If so, do I still keep the Root on Standard and the Issuing on Enterprise?

Any help from Windows Server and PKI pros out there would be much appreciated!

Thanks in advance,
Joshua Kautzman
System Support Engineer
Ascentium Corp
1 Solution
AscentiumAuthor Commented:
Thanks for the tip.  I ended up migrating both the offline root and the issuing CA to new virtual machines. Both the original 2003 servers were 32-bit and therefore couldn't do the in-place upgrade to 2008 R2 and the recommendation from a member on the Windows Server 2008 R2 blog recommended that there be no version mismatches in our PKI.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now