Install CA Certificate Authority on new server

Our CA is offline and apparently has been for quite some time. A little background: we have 5 domain controllers, one of which is set as the PDC and is a 2008R2. We are in the process of upgrading all of them to new servers; currently two are 2012R2, and the other three will be upgraded over the next year.
Forgive my newness to this, but what does a CA do, and can I just go ahead and install the CA on one of the 2012R2 DC servers? What is involved in it, or what do I need to do? Converting it would be a problem; I no longer have a server with the name it was looking for. Do I need a CA?
Nicholas Yeatman (IT) Asked:

Bembi (CEO) Commented:
You may have a look at my articles here:
http://www.experts-exchange.com/articles/10727/Quick-Steps-How-to-implement-your-own-Windows-PKI.html

and this one:
http://www.experts-exchange.com/articles/10728/Customizing-Windows-PKI-Some-Tipps-and-Tricks.html

You don't need your own CA, but it can be an advantage as more and more services work only with certificates (Lync / Exchange). Certificates are needed whenever content should be signed or encrypted (i.e. SSL for a web server) or the identity of a service should be provable. The defaults of the newer OSes and applications are meanwhile set to encrypt traffic where possible.

Some services (like Exchange) create a self-signed cert, which can be used, but in a real production environment it produces some headaches and is also not quite so easy to handle. With your own CA you have a free and domain-based source for certificates wherever they are needed, and they are easy to handle and maintain and are less support-intensive than self-signed certificates. With a few GPO settings, you can more or less automate the whole process.

For some purposes you need public certificates, whenever anonymous users access your services or you communicate with other services outside your domain. As foreign clients don't have your root certificate, a public cert is much easier to handle. But public certs cost money, so for internal purposes you can use your own source for certificates.

Nicholas Yeatman (IT) Author Commented:
Thank you for the quick response!