brettschwartzunibank asked:
What to bring down Current Root CA in Active Directory

Hello,

Here is the scenario...

We have a Microsoft CA running in the environment to run in conjunction with Exchange 2007, Outlook 2007 clients, as well as Office Communicator 2007. Due to naming and multiple roles on the same server, I would like to delete the current CA from the AD Domain and start fresh with a new server, naming convention, etc. The current setup for the CA is one server performing all CA services. For security reasons I want to separate and delegate. I am aware of the process of deleting and revoking such services, but my first concern is Exchange 2007 and the Outlook client currently using the certs issued to them by the existing CA just for client/server communications. I guess my question is: can we delete the current CA server without revoking the certificate for Exchange/Outlook, bring the new PKI infrastructure online, issue new certs, and revoke and delete the old cert post-deployment? How is this going to affect client/server communication? OWA is not an issue; we are currently utilizing a mail security appliance that handles the third-party cert for OWA. The appliance "tunnels" to OWA, so there is no Forms Based Authentication set up at all. I have googled, but getting the right wording and getting results that are relevant is a challenge. Any help is very much appreciated.
ASKER CERTIFIED SOLUTION
e_aravind
brettschwartzunibank (ASKER)
In number 2, when you say GPO, you are referring to AutoEnroll, correct?

And I can safely assume that bringing down the old and coming up with the new is not going to break or cease client/server operations?

Thanks,

Yes, the default AutoEnrollment, which pushes the current CA's root certificate to all of the domain-joined client machines.

The only challenge would be at the non-domain-joined machines, which would start showing the certificate warnings.
Thank you
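Before retiring the old CA, an administrator will want to know which machine certificates it issued and whether they still chain to a trusted root once its root certificate and CRL are gone. The following PowerShell check is an added example, not part of this thread; `$OldCaSubject` and `$NewRootThumbprint` are placeholders to be filled in for the environment.

```powershell
# Added example (not from this thread): inventory local-machine certificates issued by the
# CA being retired and check whether they still chain to a trusted root on this host.
# Placeholders: replace with the subject of the old CA and the thumbprint of the new root.
$OldCaSubject      = 'CN=OLD-CA-NAME'                    # placeholder: subject of the CA to be removed
$NewRootThumbprint = 'REPLACE_WITH_NEW_ROOT_THUMBPRINT'  # placeholder: thumbprint of the new root CA cert

# 1. Certificates in the machine Personal store issued by the old CA.
#    On an Exchange server this is where the Exchange/Outlook service certificates live.
$issuedByOld = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*$OldCaSubject*" }

$report = foreach ($cert in $issuedByOld) {
    # X509Certificate2.Verify() builds the chain against the current trust store and, by
    # default, performs revocation checking. It therefore fails once the old root is removed
    # from Trusted Root Certification Authorities, and also if the old CA's CRL distribution
    # point is no longer reachable after the server is deleted.
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        ChainsOK   = $cert.Verify()
    }
}
$report | Format-Table -AutoSize

# 2. Is the old root still trusted here, and has the new root arrived (via GPO/AutoEnrollment
#    on domain-joined machines, or manual import on non-domain-joined ones)?
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
$oldRootTrusted = @($roots | Where-Object { $_.Subject -like "*$OldCaSubject*" }).Count -gt 0
$newRootTrusted = @($roots | Where-Object { $_.Thumbprint -eq $NewRootThumbprint }).Count -gt 0
"Old root trusted: $oldRootTrusted; new root trusted: $newRootTrusted"
```

Running this on the Exchange server and on a non-domain-joined workstation shows the difference the reply describes: the domain-joined host receives the new root through Group Policy, while the non-domain-joined one reports the old certificates as no longer chaining until the new root is imported by hand.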