2000 to 2008 R2 Certificate Authority Migration - Needs an CA Expert
Posted on 2011-10-17
inf02 = 2000 CA
inf03 = 2008 R2 CA
I have a 2008 R2 AD at that level. I understand that there is no migration path from 2000 to 2008 R2 because it would be a 32 to 64 bit change. A 2008 R2 CA has been installed along side of a 2000 CA. The goal is to direct new clients to the new 2008 R2 CA through manual and autoentrollment, and then decommision the 2000 CA.
On inf03 in Server Manager\AD Certificate Services\Enterprise PKI I see inf02 (v3.0) and the new CA is listed as inf03 (v0.0). In AD Sites and Services\Services\Public Key Services, I see both CAs listed under AIA and CDP. My certificate templates appear to show updated certificate template. Certutil.exe -dump shows a certificate for both CAs when run from either the 2000 or 2008 R2 CA command prompt.
Before try to move this forward and create an enrollement policy, I wanted to see if there is a CA Expert that has experience with this situation.