Migrating/consolidating Microsoft certification authorities
Posted on 2013-06-10
An organization that I'm working with is running a CA on their old Windows Server 2003 machine in their old datacenter. Their new infrastructure exists in a different datacenter (on a different network, which can communicate with the old one), and has a CA running on Windows Server 2008 R2.
I've never migrated CAs before. I know that it can be done, but can an old CA be migrated into an existing one? I'm not really sure how that works. Basically, I'd like to have everything on a single CA (the 2008 R2 machine) instead of keeping up two separate CAs. If that's not possible, my understanding is that I can just swing the old CA onto the new network (it's a VM), and since the hostname isn't changing, it'll continue to function properly so long as DNS reflects its new address.