dedri
asked on
migrate Certificate autority to different server
I want to migrate my CA - windows 2003R2 to the new server with different name, preferable windows 2008 or windows 2012. Could you tell me Is this possible and how to do it.
I already tried searching in the net about some articles but all of them are giving the instruction how to move to different server with the same name. In all of the instructions is written change the name of the old one and use the name in the new server.
Here is one of the article direct from microsoft.
http://support.microsoft.com/kb/298138.
Also do you have any problem migrating from 32bit to 64bit windows.
According to the article :"Moving Certificate Services from a 32-bit operating system to a 64-bit operating system or vice-versa may fail with one of the following error messages"
Which let me to think that windows 2008R2 and windows 2012 are only 64bit, and my windows 2003R2 is 32bit.
I already tried searching in the net about some articles but all of them are giving the instruction how to move to different server with the same name. In all of the instructions is written change the name of the old one and use the name in the new server.
Here is one of the article direct from microsoft.
http://support.microsoft.com/kb/298138.
Also do you have any problem migrating from 32bit to 64bit windows.
According to the article :"Moving Certificate Services from a 32-bit operating system to a 64-bit operating system or vice-versa may fail with one of the following error messages"
Which let me to think that windows 2008R2 and windows 2012 are only 64bit, and my windows 2003R2 is 32bit.
Yes, it’s possible. I’ve already done it: moved Root CA from Windows Server 2003 Enterprise to Windows Server 2008 R2 Enterprise.
The most important step, if you want to keep your issued certificates, is to reuse the computer name.
Please, see my accepted solution below:
https://www.experts-exchange.com/questions/27052731/Migrating-Windows-2000-Active-Directory-Certificate-Authority-to-Windows-2008-DC.html
The most important step, if you want to keep your issued certificates, is to reuse the computer name.
Please, see my accepted solution below:
https://www.experts-exchange.com/questions/27052731/Migrating-Windows-2000-Active-Directory-Certificate-Authority-to-Windows-2008-DC.html
ASKER
spaperov, the problem is that there is a lot of roles on this server - it's a domain controller,certificate authority server, dns server,etc..
My intention is to move the the roles to different server, and because the name of the server is domaincontroller1.mycompan y.com I decided to move the CA role to different server.
My intention is to move the the roles to different server, and because the name of the server is domaincontroller1.mycompan
From the link http://support.microsoft.com/kb/298138 you mentioned in your question:
Note: The new server must have the same computer name as the old server.
If you don’t want to keep the same computer name, it will be like setting up a completely new CA for your domain. That means you will have to reissue and replace all certificates from the previous CA and, once the old CA has been removed, the applications won’t be able to validate the old certificates.
What is the CA used for?
Note: The new server must have the same computer name as the old server.
If you don’t want to keep the same computer name, it will be like setting up a completely new CA for your domain. That means you will have to reissue and replace all certificates from the previous CA and, once the old CA has been removed, the applications won’t be able to validate the old certificates.
What is the CA used for?
ASKER
it's used mainly for web server certificates for our internal web servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://technet.microsoft.com/en-us/library/cc770402.aspx