We help IT Professionals succeed at work.
Get Started

CA server migration from Windows 2003 to Windows 2012 R2

Last Modified: 2016-08-08
I have an internal root CA server that runs on Windows 2003, standalone, not connected to the network to issue SHA-1 certificates. Is it possible for me to have another internal root CA server running on Windows 2012 R2, standalone, not connected to the network to issue SHA-2 certificates?

This is so I can generate SHA-1 for legacy applications using existing CA and generate SHA-2 using new CA for the application those are currently using SHA-1 but can support SHA-2.

What is the best practice for achieve this? Will both root CA servers run on different names or same name. Can someone please advise me the step by step to achieve this? I want to migrate to SHA-2 but at the same time I don't want to affect my existing root CA.

Also, How will I renew the certificates of the existing applications using the new Windows 2012 R2 CA so they can use SHA-2?

Many Thanks
Watch Question
Director of Information Technology
This problem has been solved!
Unlock 1 Answer and 12 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE