Solved

Move Certificate Authority from 2008 to 2012 R2

Posted on 2013-11-26
2
7,673 Views
Last Modified: 2014-04-21
Hi,

What are the steps for moving a CA from a Windows server 2008 to a Windows Server 2012 R2?

And what kind of problem could we experience afterwards?

All of our computer, laptops etc. are using this CA.
0
Comment
Question by:Sum Wum
2 Comments
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39680009
You can use below guide for CA migration from 2008 to 2012 R2
The guide is upto 2012 at this moment, but i believe that it will applicable to 2012 R2 as well

http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx

I am just outline high level steps here

backup 2008 CA certificate with database and its registry
uninstall CA server role from 2008
Shutdown server for time being
prepare 2012 R2 member server with same host as old CA server
Install CA role with existing certificate (from Certificate backup taken above) on 2012 R2 server
Restore CA Database backup taken above from CA console on 2012 R2 server
Check if CRL and AIA entries in active directory sites and services are appropriate as your source and destination CA server Hostname is same.

Note:Do not change CA server Hostname otherwise your existing issued certificates will not able to check CRL
Once you are sure that new CA is working as expected, you can use old 2008 machine for else purpose with different host name.
Because if you face any issues on new CA, you can just uninstall CA from new server, rename it to some new name, start your old CA server, install CA role and just restore CA backup and you will be back in business.
Also you cannot change CA common name in AD

Mahesh
0
 
LVL 3

Expert Comment

by:GlobalStrata
ID: 40013817
Microsoft has posted step by step for this type of migration: http://technet.microsoft.com/en-us/library/ee126170(v=WS.10).aspx
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now