Solved

Move Certificate Authority from 2008 to 2012 R2

Posted on 2013-11-26
2
8,324 Views
Last Modified: 2014-04-21
Hi,

What are the steps for moving a CA from a Windows server 2008 to a Windows Server 2012 R2?

And what kind of problem could we experience afterwards?

All of our computer, laptops etc. are using this CA.
0
Comment
Question by:Sum Wum
2 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39680009
You can use below guide for CA migration from 2008 to 2012 R2
The guide is upto 2012 at this moment, but i believe that it will applicable to 2012 R2 as well

http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx

I am just outline high level steps here

backup 2008 CA certificate with database and its registry
uninstall CA server role from 2008
Shutdown server for time being
prepare 2012 R2 member server with same host as old CA server
Install CA role with existing certificate (from Certificate backup taken above) on 2012 R2 server
Restore CA Database backup taken above from CA console on 2012 R2 server
Check if CRL and AIA entries in active directory sites and services are appropriate as your source and destination CA server Hostname is same.

Note:Do not change CA server Hostname otherwise your existing issued certificates will not able to check CRL
Once you are sure that new CA is working as expected, you can use old 2008 machine for else purpose with different host name.
Because if you face any issues on new CA, you can just uninstall CA from new server, rename it to some new name, start your old CA server, install CA role and just restore CA backup and you will be back in business.
Also you cannot change CA common name in AD

Mahesh
0
 
LVL 3

Expert Comment

by:GlobalStrata
ID: 40013817
Microsoft has posted step by step for this type of migration: http://technet.microsoft.com/en-us/library/ee126170(v=WS.10).aspx
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question