certificates PKI infrastructure migration high level steps

Hello Experts,

I currently have two clients that are looking to migrate their PKI infrastructure to Windows 2012 R2 PKI.

Client number one has a 3 tier PKI infrastructure [Offline root, 1 enterprise subordinate, 2 cert issues servers]. Windows 2003 is the OS in all servers, and domain/forest functional level is Windows 2003.

Client number two has a 3 tier PKI infrastructure [Offline root, 1 enterprise subordinate, 2 cert issues servers]. Windows 2008 is the OS in all servers, and domain/forest functional level is Windows 2008.

Can someone please provide high-level steps to migrate the entire infrastructure, considering the tier 3 and the OS on each client?

Can someone please provide a check list doc or spreadsheet to migrate PKI servers to latest OS?

Any blogs with tons of screenshots with all steps required by each phase?
Jerry Seinfield Asked:
Jerry Seinfield (Author) Commented:
Any updates?
0
Jerry Seinfield (Author) Commented:
Can someone please acknowledge this request?
0
Jian An Lim (Solutions Architect) Commented:
We are doing migration, not consolidating.
Your clients are on the 3-tier PKI structure, so this is the Microsoft-recommended solution.

It is on Microsoft's supported migration pathway (from 2003/2008 to 2012).

There is tons of information in the TechNet article I quoted below, which includes all the checklists and steps for all the required activities.

Please have a read of this article and any subsequent articles.
http://technet.microsoft.com/en-au/library/dn486797.aspx

Please let me know if you have any concerns.
0
Jerry Seinfield (Author) Commented:
Thanks, but can anyone please summarize high level steps and attach a spreadsheet for checklist?
0
Jian An Lim (Solutions Architect) Commented:
These are the high level steps you need.
Unless you have hit with a rock, all the plans will look very similar, until you hit some issues.
Then post another question so we can look into it. If not, I am currently at a planning session but without knowing the environment well.

We can wait for another few days to get other experts; they might have prepared one before, but usually my reference to TechNet is sufficient.

Preparing to migrate
    Preparing your destination server
    Backing up your source server
    Preparing your source server

Migrating the certification authority
    Backing up a CA database and private key
    Backing up CA registry settings
    Backing up CAPolicy.inf
    Removing the CA role service from the source server
    Removing the source server from the domain
    Joining the destination server to the domain
    Adding the CA role service to the destination server
    Restoring the CA database and configuration on the destination server
    Granting permissions on AIA and CDP containers
    Additional procedures for failover clustering (optional)

Verifying the migration
    Verifying certificate enrollment
    Verifying CRL publishing

Post-migration tasks
    Upgrading certificate templates in Active Directory Domain Services (AD DS)
    Retrieving certificates after a host name change
    Restoring Active Directory Certificate Services (AD CS) to the source server in the event of migration failure
    Troubleshooting migration
0
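
The three backup steps listed under "Migrating the certification authority" above (CA database and private key, CA registry settings, CAPolicy.inf), scripted as an added example that is not part of the thread or of the linked TechNet guide. It assumes an elevated PowerShell 2.0 or later session on the source CA; `C:\CABackup`, `CAConfig.reg` and `manifest.sha256` are hypothetical names, and the hash manifest is an extra integrity check added here.

```powershell
# Added example (not from the thread). Run from an elevated prompt on the source CA.
# Assumption: PowerShell 2.0 or later is installed on the source server.
param([string]$BackupDir = 'C:\CABackup')   # hypothetical path; must not exist yet
$ErrorActionPreference = 'Stop'

function Assert-Success([string]$Step) {
    # Native tools do not throw; stop the script when the last one reported failure.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed with exit code $LASTEXITCODE" }
}

if (Test-Path $BackupDir) { throw "$BackupDir already exists; use a fresh folder." }
$BackupDir = (New-Item -ItemType Directory -Path $BackupDir).FullName

# 1. CA database, then the CA certificate and private key (written as <CA name>.p12).
#    certutil prompts for the .p12 password, so it never appears on the command line.
certutil -backupDB $BackupDir
Assert-Success 'CA database backup'
certutil -backupKey $BackupDir
Assert-Success 'CA private key backup'

# 2. CA registry settings.
$regFile = Join-Path $BackupDir 'CAConfig.reg'
reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' $regFile
Assert-Success 'CA registry export'

# 3. CAPolicy.inf, if the CA was installed with one.
$policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $policy) { Copy-Item $policy $BackupDir }

# 4. SHA-256 manifest so the copy on the destination server can be checked before restore.
$sha = [System.Security.Cryptography.SHA256]::Create()
$lines = Get-ChildItem $BackupDir -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $stream = [System.IO.File]::OpenRead($_.FullName)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Dispose() }
        '{0}  {1}' -f $hash, $_.FullName.Substring($BackupDir.Length + 1)
    }
Set-Content -Path (Join-Path $BackupDir 'manifest.sha256') -Value $lines
```

The resulting folder contains the CA private key in the `.p12` file, so move it on access-controlled media and recompute the hashes on the destination server before restoring.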

Windows Server 2012
Question has a verified solution.