Solved

certificates PKI infrastructure migration high level steps

Posted on 2014-10-27
Last Modified: 2014-10-29
Hello Experts,

I currently have two clients that are looking to migrate their PKI infrastructure to Windows 2012 R2 PKI.

Client number one has a 3-tier PKI infrastructure [offline root, 1 enterprise subordinate, 2 cert issuing servers]. Windows 2003 is the OS on all servers, and the domain/forest functional level is Windows 2003.

Client number two has a 3-tier PKI infrastructure [offline root, 1 enterprise subordinate, 2 cert issuing servers]. Windows 2008 is the OS on all servers, and the domain/forest functional level is Windows 2008.

Can someone please provide high-level steps to migrate the entire infrastructure, considering the tier 3 and the OS on each client?

Can someone please provide a checklist doc or spreadsheet to migrate PKI servers to the latest OS?

Any blogs with tons of screenshots with all steps required by each phase?
Question by:Jerry Seinfield

Author Comment

by:Jerry Seinfield
ID: 40407492
Any updates?
0
 

Author Comment

by:Jerry Seinfield
ID: 40409520
Can someone please acknowledge this request?
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40409663
We are doing migration, not consolidating.
Your clients are on the 3-tier PKI structure, so this is the Microsoft-recommended solution.

It is on Microsoft's supported migration pathway (from 2003/2008 to 2012).

There is tons of information in the TechNet I quoted below that includes all the checklists and steps for all the required activities.

Please have a read of this article and any subsequent articles.
http://technet.microsoft.com/en-au/library/dn486797.aspx

Please let me know if you have any concerns.
0
 

Author Comment

by:Jerry Seinfield
ID: 40410655
Thanks, but can anyone please summarize the high-level steps and attach a spreadsheet for the checklist?
0
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 40411939
These are the high-level steps you need.
Unless you have been hit with a rock, all the plans will look very similar, until you hit some issues.
Then post another question so we can look into it. If not, I am currently at a planning session but without knowing the environment well.

We can wait another few days for other experts; they might have prepared one before, but usually my reference to TechNet suffices.


Preparing to migrate
    Preparing your destination server
    Backing up your source server
    Preparing your source server

Migrating the certification authority
    Backing up a CA database and private key
    Backing up CA registry settings
    Backing up CAPolicy.inf
    Removing the CA role service from the source server
    Removing the source server from the domain
    Joining the destination server to the domain
    Adding the CA role service to the destination server
    Restoring the CA database and configuration on the destination server
    Granting permissions on AIA and CDP containers
    Additional procedures for failover clustering (optional)

Verifying the migration
    Verifying certificate enrollment
    Verifying CRL publishing

Post-migration tasks
    Upgrading certificate templates in Active Directory Domain Services (AD DS)
    Retrieving certificates after a host name change
    Restoring Active Directory Certificate Services (AD CS) to the source server in the event of migration failure
    Troubleshooting migration
0
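The three backup steps under "Migrating the certification authority" above, as an added example that is not part of the original thread or of the TechNet guide: a PowerShell script for the source CA that runs the backups and refuses to report success unless every artifact is present. It assumes PowerShell 2.0 or later on the source server, and the folder D:\CAMigration and the .reg file name are hypothetical.

```powershell
# Added example: back up a source CA before removing the role (run elevated on the CA).
# Assumptions: PowerShell 2.0+ is installed; D:\CAMigration is a hypothetical path.
$BackupDir = 'D:\CAMigration'
$RegFile   = Join-Path $BackupDir 'CertSvc-Configuration.reg'
$RegKey    = 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# Refuse to reuse a folder so an old backup is never mistaken for the new one.
if (Test-Path $BackupDir) { throw "$BackupDir already exists; choose an empty location." }
New-Item -ItemType Directory -Path $BackupDir | Out-Null

# 1. CA database (the CertSvc service must be running for an online backup).
certutil.exe -backupDB $BackupDir
if ($LASTEXITCODE -ne 0) { throw "certutil -backupDB failed with exit code $LASTEXITCODE" }

# 2. CA certificate and private key. certutil prompts for the PKCS #12 password,
#    which keeps it off the command line.
certutil.exe -backupKey $BackupDir
if ($LASTEXITCODE -ne 0) { throw "certutil -backupKey failed with exit code $LASTEXITCODE" }

# 3. CA registry settings.
reg.exe export $RegKey $RegFile
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# 4. CAPolicy.inf is optional; many CAs were installed without one.
$policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $policy) { Copy-Item $policy $BackupDir }
else { Write-Warning "No CAPolicy.inf found in $env:SystemRoot; nothing to copy." }

# 5. Verify that every required artifact exists and is non-empty
#    before anyone moves on to removing the CA role service.
$dbDir  = Join-Path $BackupDir 'DataBase'
$checks = @{
    'private key (*.p12)' = @(Get-ChildItem $BackupDir -Filter *.p12)
    'database (*.edb)'    = @(Get-ChildItem $dbDir -Filter *.edb -ErrorAction SilentlyContinue)
    'registry export'     = @(Get-ChildItem $BackupDir -Filter (Split-Path $RegFile -Leaf))
}
foreach ($name in $checks.Keys) {
    $files = $checks[$name] | Where-Object { $_.Length -gt 0 }
    if (-not $files) { throw "Backup incomplete: missing or empty $name" }
}
Write-Output "Backup verified in $BackupDir"
```

The .p12 file holds the CA private key, so restrict access to the backup folder, move it to the destination server over a trusted channel, and delete it once the restore is verified.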
