When Migrating the Certification Authority can a new server name be used

You simply cannot change CA name once installed, its not supported. Maximum you can move CA server from one server to another by keeping same CA server hostname \ different CA server hostname

The CA server name is hardcoded in issued certificates CRL and AIA

How many certificates you have issued with this CA ?

If number of issued certificates are less, then I would suggest you to go for brand new CA with new CA name and new server host name and just uninstall old CA

But if this is not the case and if you want to retain old CA by any means, then there are two approaches

1  Migrate CA server to another server by keeping same CA name (You cannot change CA name) and same CA server host name (Recommended all time)
https://www.experts-exchange.com/questions/28338390/Windows-CA-migration-from-Windows-2003-R2-to-Windows-2008-R2.html

2  Migrate CA server to another server by keeping same CA name (You cannot change CA name) and different server name
http://technet.microsoft.com/en-us/library/dn486797.aspx - All steps outlined here

With this approach you can migrate CA server on server with different hostname
Since CRL and AIA is hardcoded with old CA server name, you must provision IIS instance some where and put your CA root certificate and CRL there so that hardcoded location can resolved to that iis instance to get CRL and AIA

CRL is used to check whether client certificate is expired \ revoked against certificate revocation list (CRL)
AIA is used to verify issuer certificate authenticity (Authority information access (AIA)

If you skip above step, then your existing issued certificates will not work as expected because they will fail to check CRL and AIA and then you need to enroll new certificates to clients where new CA server name will get included

Check below excellent articles
https://social.technet.microsoft.com/wiki/contents/articles/21076.upgrading-the-pki-from-windows-server-2008-r2-to-windows-server-2012-different-host-name-part-1.aspx

The below article will explain how to redirect old CRL and AIA points of old certificate authority to new CA CRL and AIA points
http://blogs.technet.com/b/pki/archive/2012/01/27/steps-needed-to-decommission-an-old-certification-authority-without-affecting-previously-issued-certificates-and-then-switching-all-operations-to-a-new-certification-authority.aspx

Mahesh

Mahesh,

Thank you for the response. You lost me a little in the below section, so on the destination server the hostname can be different? The IIS instance needs to have the name of the source server? Again thanks for jumping in.

Migrate CA server to another server by keeping same CA name (You cannot change CA name) and different server name
http://technet.microsoft.com/en-us/library/dn486797.aspx - All steps outlined here

With this approach you can migrate CA server on server with different hostname
Since CRL and AIA is hardcoded with old CA server name, you must provision IIS instance some where and put your CA root certificate and CRL there so that hardcoded location can resolved to that iis instance to get CRL and AIA

OK!! I got it now.

I afraid not, to maintain continuity throughout the Active Directory, it is necessary to keep the same name. Consider a client with a certificate issued from the CA on Server A. That certificate directly references Server A and whenever a validation check is performed on the certificate (either by the client or a different client), roughly speaking, a revocation status request will be sent so Server A. Assuming Server A no longer exist or changed then the client's request will return "RPC Server Unavailable" and the certificate will be deemed invalid.

If the destination server is Windows Server 2008, it is supported to move the CA from one computer to a computer with different host name. However, please remember that we cannot change the CA name. See "The CA name must stay the same." (again) for "Computer to computer with host name change"