Current Configuration: Win 2008 R2 Domain, Win Server 2008 Enterprise Offline Root CA, Win Server 2008 Enterprise Subordinate CA.
I'd like to upgrade our CA environment from 2008 to 2012 R2. I was thinking the best way is to create a parallel environment with a new Win 2012 R2 Std Offline Root CA and Win 2012 R2 Std Subordinate CA. So both CAs would be active at the same time. Old_RootCA_2008 > Old_SubCA_2008 and New_RootCA_2012R2 > New_SubCA_2012R2. Then we issue new certs from the new CA and once the old certs are no longer required we decommission the Old CAs.
Is this a reasonable approach?
Or should I keep the Old_RootCA_2008 and just create a 2nd Sub CA New_SubCA_2012R2 and decommission the Old_SubCA_2008 ?
Or should I work on upgrading the 2008 to 2012R2 and how would I do that?
Any other ideas or advice?