Ascentium
asked on
Upgrading my Two-Tier PKI from Server 2003 to Server 2008R2
I'm planning an OK upgrade to the servers in my 2-tier PKI and there's a couple things I'm not clear on.
Here's what I have:
A Standalone Offline Root CA (non-domain joined, not on the network) running Server 2003 Standard SP2.
An Issuing CA (online, domain joined) running Server 2003 Enterprise SP2.
I need to upgrade my issuing CA to Server 2008 R2 SP1, which for my purposes seems to be safely done as an in-place upgrade.
What I'm unclear on is this:
1) Do I need to upgrade the OS on my RootCA as well?
2) If so, which machine should I upgrade first?
3) If so, do I still keep the Root on Standard and the Issuing on Enterprise?
Any help from Windows Server and PKI pros out there would be much appreciated!
Thanks in advance,
Joshua Kautzman
System Support Engineer
Ascentium Corp
Here's what I have:
A Standalone Offline Root CA (non-domain joined, not on the network) running Server 2003 Standard SP2.
An Issuing CA (online, domain joined) running Server 2003 Enterprise SP2.
I need to upgrade my issuing CA to Server 2008 R2 SP1, which for my purposes seems to be safely done as an in-place upgrade.
What I'm unclear on is this:
1) Do I need to upgrade the OS on my RootCA as well?
2) If so, which machine should I upgrade first?
3) If so, do I still keep the Root on Standard and the Issuing on Enterprise?
Any help from Windows Server and PKI pros out there would be much appreciated!
Thanks in advance,
Joshua Kautzman
System Support Engineer
Ascentium Corp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER