Solved

certificates PKI infrastructure migration high level steps

Posted on 2014-10-27
5
456 Views
Last Modified: 2014-10-29
Hello Experts,

I currently have two clients that are looking to migrate their PKI infrastructure to Windows 2012 R2 PKI

Client number one has a 3 tier PKI infrastructure[Offline root, 1 enterprise subordinate, 2 cert issues servers]. Windows 2003 is the OS in all servers, and domain/forest functional level is Windows 2003.

Client number two has a 3 tier PKI infrastructure[Offline root, 1 enterprise subordinate, 2 cert issues servers]. Windows 2008 is the OS in all servers, and domain/forest functional level is Windows 2008.

Can someone please provide high-level steps to migrate the entire infrastructure, considering the tier 3 and the OS on each client?

Can someone please provide a check list doc or spreadsheet to migrate PKI servers to latest OS?

Any blogs with tons of screenshots with all steps required by each phase?
0
Comment
Question by:Jerry Seinfield
  • 3
  • 2
5 Comments
 

Author Comment

by:Jerry Seinfield
ID: 40407492
Any updates?
0
 

Author Comment

by:Jerry Seinfield
ID: 40409520
Can someone please acknowledge this request?
0
 
LVL 36

Expert Comment

by:Jian An Lim
ID: 40409663
We are doing migration, not consolidating.
your client are on the 3 tier PKI structure so this is the microsoft recommended solution.


it is on microsoft support migration path way (from 2003/2008 to 2012)

there are tons of information in the technet i quoted below that include all the checklist and steps for all the required activities.

Please have a read on this article and any subsequence articles.
http://technet.microsoft.com/en-au/library/dn486797.aspx


please let me know if you have any concern.
0
 

Author Comment

by:Jerry Seinfield
ID: 40410655
thanks, but can anyone please summarize high level steps and attach a spreadsheet for checklist?
0
 
LVL 36

Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 40411939
this is the high level steps you need.
Unless you have hit with a rock, all the plan will looks very similar, until you hit with some issues.
then post another question so we can look into it. If not, i am currently at a planning session but without knowing the environment well.

we can wait for another few days to get other experts, they might have prepared one before, but usually my reference to technet is suffice.


Preparing to migrate
     Preparing your destination server
     Backing up your source server
     Preparing your source server

Migrating the certification authority
     Backing up a CA database and private key
     Backing up CA registry settings
     Backing up CAPolicy.inf
     Removing the CA role service from the source server
     Removing the source server from the domain
     Joining the destination server to the domain
     Adding the CA role service to the destination server
     Restoring the CA database and configuration on the destination server
     Granting permissions on AIA and CDP containers
    Additional procedures for failover clustering (optional)


Verifying the migration
    Verifying certificate enrollment
    Verifying CRL publishing
   
Post-migration tasks
    Upgrading certificate templates in Active Directory Domain Services (AD DS)
    Retrieving certificates after a host name change
    Restoring Active Directory Certificate Services (AD CS) to the source server in the event of migration failure
    Troubleshooting migration
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question