• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

CA migration to another DC/GC

I've got a customer that has several sites across the US and their CA is in a site that will soon be going away. I've moved the AD roles to a DC in another state but we're left with the CA in the soon to be closed location. From what they have told me one cert is being used for file encryption and another for servers and computers to establish trust with the DC's. There are other certs that they are checking on to see what they're actually doing. I've done some research and really haven't found a clear path as to what's the best way to migrate/move this. Some say you must have the same hostname etc. That's not possible as it's moving to an existing DC/GC. I thought about trying to create a CA subordinate on the other DC. I also have read that you should be able to migrate the store and as long as you use the same CA name it shoudl work. I've also got to make the decision as to whether this can be done during production or if it needs to be schedule for their one maintenance window they have each month.
0
bciengineer
Asked:
bciengineer
  • 3
  • 3
1 Solution
 
AmitIT ArchitectCommented:
That is right....you need same name for certificate server...Certificate migration is complex process...is this a 2008 server holding cert? or 2003?
0
 
bciengineerAuthor Commented:
Yes it's 2008 infastructure.
0
 
AmitIT ArchitectCommented:
Check this guide from MS.

http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx

If possible open a case with MS.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
bciengineerAuthor Commented:
What about the plan to try and create a Subordinate in the other location then shut the server down in the site that's going away?
0
 
AmitIT ArchitectCommented:
@bciengineer

I haven't tried that one. So cannot confirm.
0
 
bciengineerAuthor Commented:
Thanks for the input. Has anyone tried this method of setting up a CA subordinate to replace the root then take the root server offline?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now