Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Move Certificate Authority from 2008 to 2012 R2

Posted on 2013-11-26
2
Medium Priority
?
8,998 Views
Last Modified: 2014-04-21
Hi,

What are the steps for moving a CA from a Windows server 2008 to a Windows Server 2012 R2?

And what kind of problem could we experience afterwards?

All of our computer, laptops etc. are using this CA.
0
Comment
Question by:Sum Wum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39680009
You can use below guide for CA migration from 2008 to 2012 R2
The guide is upto 2012 at this moment, but i believe that it will applicable to 2012 R2 as well

http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx

I am just outline high level steps here

backup 2008 CA certificate with database and its registry
uninstall CA server role from 2008
Shutdown server for time being
prepare 2012 R2 member server with same host as old CA server
Install CA role with existing certificate (from Certificate backup taken above) on 2012 R2 server
Restore CA Database backup taken above from CA console on 2012 R2 server
Check if CRL and AIA entries in active directory sites and services are appropriate as your source and destination CA server Hostname is same.

Note:Do not change CA server Hostname otherwise your existing issued certificates will not able to check CRL
Once you are sure that new CA is working as expected, you can use old 2008 machine for else purpose with different host name.
Because if you face any issues on new CA, you can just uninstall CA from new server, rename it to some new name, start your old CA server, install CA role and just restore CA backup and you will be back in business.
Also you cannot change CA common name in AD

Mahesh
0
 
LVL 3

Expert Comment

by:GlobalStrata
ID: 40013817
Microsoft has posted step by step for this type of migration: http://technet.microsoft.com/en-us/library/ee126170(v=WS.10).aspx
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question