Moving / Removing CA Role
Posted on 2013-09-22
Note: I took over this network 3 months ago so I have very little history or reasoning behind my findings, so keep that in mind.
I need to remove a Windows 2008 Standard 32-Bit AD DC server from our domain so I can migrate to 2012 (all must be 64 bit). This server has the Certificate Authority (Local) role and there are active certs on the system. Is it really just as simple as backing up the CA, installing CA on another server and restoring the backup after shutting down the original?
There is a CAROOT, CAISSUE and CACRL Windows 2008 servers already in place, but they are not AD DC's.
If I look at the issued certs for CAROOT they are all expired and it has not issued anything new since 2012. The Failed Requests are very old and nothing new there.
If I look at the issued certs for CAISSUE it has not issued a cert since 2012. However, it has alot of failed requests that are recent for the reason "A required certificate is not within its validity period when verifying against the current system clock of the timestamp in the signed file"
If I look at the CACRL server it appears to be just the web-front end.
Any help is appreciated, I'm willing to do an online session if someone wants to go that far to help.