I'm planning an OK upgrade to the servers in my 2-tier PKI and there's a couple things I'm not clear on.
Here's what I have:
A Standalone Offline Root CA (non-domain joined, not on the network) running Server 2003 Standard SP2.
An Issuing CA (online, domain joined) running Server 2003 Enterprise SP2.
I need to upgrade my issuing CA to Server 2008 R2 SP1, which for my purposes seems to be safely done as an in-place upgrade.
What I'm unclear on is this:
1) Do I need to upgrade the OS on my RootCA as well?
2) If so, which machine should I upgrade first?
3) If so, do I still keep the Root on Standard and the Issuing on Enterprise?
Any help from Windows Server and PKI pros out there would be much appreciated!
Thanks in advance,
System Support Engineer