We have a Windows 2008 CA server which we intend to remove and re-install CA onto a 2012 box.
Decided to go for non-migration approach as new server will have different name to existing server and we don't particularly like the naming scheme of the existing root-ca.
Can currently see certificates issued for Basic EFS, SubCA, Domain Controller, User and WebServer so would someone be able to check my logic on the list below and confirm if I'm wrong?
1. Basic EFS - Only a problem if the users have encrypted files. I've checked and they haven't
2. SubCA - Can be replaced. (in our case only issued to one device for SSL passthrough)
3. Domain Controller - Auto enrolled so if not available will not be a problem. Once new CA setup new certs will be auto-created.
4. User - In our case only issued for a few users and can be replaced.
5. Webservers - Can be replaced.
My main concern is the certs issued to the Domain Controllers - is my point 3. correct?
Our plan is as follows - backup existing CA, uninstall on 2008 box, add roles on 2012 box creating new root CA.
Would appreciate any advice from someone who has carried out a similar task or can see a glaring mistake I'm about to make.