Solved

certificates PKI infrastructure migration high level steps

Posted on 2014-10-27
Last Modified: 2014-10-29
Hello Experts,

I currently have two clients that are looking to migrate their PKI infrastructure to Windows 2012 R2 PKI.

Client number one has a 3-tier PKI infrastructure [offline root, 1 enterprise subordinate, 2 cert issuing servers]. Windows 2003 is the OS on all servers, and the domain/forest functional level is Windows 2003.

Client number two has a 3-tier PKI infrastructure [offline root, 1 enterprise subordinate, 2 cert issuing servers]. Windows 2008 is the OS on all servers, and the domain/forest functional level is Windows 2008.

Can someone please provide high-level steps to migrate the entire infrastructure, considering the tier 3 and the OS on each client?

Can someone please provide a checklist doc or spreadsheet to migrate PKI servers to the latest OS?

Any blogs with tons of screenshots with all steps required by each phase?
Question by:Jerry Seinfield

Author Comment

by:Jerry Seinfield
ID: 40407492
Any updates?
0
 

Author Comment

by:Jerry Seinfield
ID: 40409520
Can someone please acknowledge this request?
0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 40409663
We are doing migration, not consolidating.
Your clients are on the 3-tier PKI structure, so this is the Microsoft-recommended solution.

It is on Microsoft's supported migration pathway (from 2003/2008 to 2012).

There is tons of information in the TechNet article I quoted below, which includes all the checklists and steps for all the required activities.

Please have a read of this article and any subsequent articles.
http://technet.microsoft.com/en-au/library/dn486797.aspx

Please let me know if you have any concerns.
0
 

Author Comment

by:Jerry Seinfield
ID: 40410655
Thanks, but can anyone please summarize the high-level steps and attach a spreadsheet for the checklist?
0
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 40411939
These are the high-level steps you need.
Unless you have been hit with a rock, all the plans will look very similar until you hit some issues.
Then post another question so we can look into it. If not, I am currently at a planning session but without knowing the environment well.

We can wait another few days for other experts; they might have prepared one before, but usually my reference to TechNet suffices.


Preparing to migrate
    Preparing your destination server
    Backing up your source server
    Preparing your source server

Migrating the certification authority
    Backing up a CA database and private key
    Backing up CA registry settings
    Backing up CAPolicy.inf
    Removing the CA role service from the source server
    Removing the source server from the domain
    Joining the destination server to the domain
    Adding the CA role service to the destination server
    Restoring the CA database and configuration on the destination server
    Granting permissions on AIA and CDP containers
    Additional procedures for failover clustering (optional)

Verifying the migration
    Verifying certificate enrollment
    Verifying CRL publishing

Post-migration tasks
    Upgrading certificate templates in Active Directory Domain Services (AD DS)
    Retrieving certificates after a host name change
    Restoring Active Directory Certificate Services (AD CS) to the source server in the event of migration failure
    Troubleshooting migration
0
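
The source-side backup steps from the list above (CA database and private key, CA registry settings, CAPolicy.inf), as an added example that is not part of the original answer or of the TechNet guide. It uses the built-in `certutil` and `reg` tools; the `C:\CABackup` path and the `Invoke-Native` helper are assumptions, and PowerShell is assumed to be installed on the source CA.

```powershell
# Added example: source-side CA backup before migration. Run elevated on the source CA.
param(
    [string]$BackupRoot = 'C:\CABackup'   # hypothetical path; use protected storage
)

# Hypothetical helper: run a native tool and stop on a non-zero exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# A fresh, timestamped folder per run so an earlier backup is never overwritten.
$dir   = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
$caDir = Join-Path $dir 'ca'
New-Item -ItemType Directory -Path $caDir -Force | Out-Null

# 1. CA database, then CA certificate and private key (certutil prompts for
#    the PKCS #12 password, which keeps it off the command line and out of logs).
Invoke-Native certutil @('-backupDB', $caDir)
Invoke-Native certutil @('-backupKey', $caDir)

# 2. CA registry settings (CDP/AIA URLs, validity periods, audit filter, ...).
Invoke-Native reg @('export',
    'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration',
    (Join-Path $dir 'CertSvc-Configuration.reg'))

# 3. CAPolicy.inf, if this CA was installed with one.
$policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $policy) {
    Copy-Item $policy -Destination $dir
} else {
    Write-Warning "No CAPolicy.inf found at $policy"
}

# 4. Templates this CA issues. Enterprise CAs only; a standalone offline root
#    has none, so a failure here is reported but not fatal.
certutil -catemplates | Out-File (Join-Path $dir 'catemplates.txt')
if ($LASTEXITCODE -ne 0) { Write-Warning 'certutil -catemplates failed (standalone CA?)' }

# The .p12 holds the CA private key: move $dir to offline, access-controlled media.
Get-ChildItem $dir -Recurse | Select-Object FullName, Length
```

The same `certutil` and `reg export` commands can be typed directly at an elevated command prompt on a source server without PowerShell.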
