asked on
Migrating from 2008 R2 Certificate Authority (CA) to a New 2016 CA
We are migrating from an old Windows Server 2008 R2 (Win2K8) Certificate Authority (CA)
to a new Windows Server 2016 CA (Win2K16). In the new plan we would have an
Standalone Root CA (offline) and an Enterprise Subordinate CA (online).
The Subordinate CA will be part of the domain, but the Standalone Root CA will
be a workgroup NOT connected to the domain or network and will eventually be
turned off for safe keeping.
I had to do a Multi-tier or Two-tier approach. One of the requirements were
to copy the Certificate Templates from the old Win2K8 R2 CA to the new Online
Win2K16 CA. They were under the impression we have to copy the modified
Certificate Templates from the old Win2K8 CA to the new Win2K16 CA.
Now correct me if I'm wrong, but I was under the impression all
Certificate Templates live in Active Directory and would be accessible by
the new CA anyways, so there should NOT be any copying of Templates to new
CA. Please clarify.
to a new Windows Server 2016 CA (Win2K16). In the new plan we would have an
Standalone Root CA (offline) and an Enterprise Subordinate CA (online).
The Subordinate CA will be part of the domain, but the Standalone Root CA will
be a workgroup NOT connected to the domain or network and will eventually be
turned off for safe keeping.
I had to do a Multi-tier or Two-tier approach. One of the requirements were
to copy the Certificate Templates from the old Win2K8 R2 CA to the new Online
Win2K16 CA. They were under the impression we have to copy the modified
Certificate Templates from the old Win2K8 CA to the new Win2K16 CA.
Now correct me if I'm wrong, but I was under the impression all
Certificate Templates live in Active Directory and would be accessible by
the new CA anyways, so there should NOT be any copying of Templates to new
CA. Please clarify.
Active DirectoryWindows Server 2008Windows 10AzureWindows Server 2016
Last Comment
Seth Simmons
Certificate Templates do not reside at all in Active Directory. The reside on the certificate server itself
ASKER
Ok so that clarifies things. How do I copy the Certificate Templates from old CA to new CA? If possible include all commands that will be needed, thanks.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
We gave the new Online SubCA a different name. So it will be another project to migrate existing workstations and devices.
Can you please point me in the direction to a detailed article that describes how to migrate existing CA, settings and database including templates to new Online SubCA.
Can you please point me in the direction to a detailed article that describes how to migrate existing CA, settings and database including templates to new Online SubCA.
Try this article to migrate settings and database to a new server:
http://www.yshvili.com/migrate-windows-server-2008-r2-certification-authority-new-server-windows-2012-2012-r2-2016/
http://www.yshvili.com/migrate-windows-server-2008-r2-certification-authority-new-server-windows-2012-2012-r2-2016/
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'Michael B. Smith' (https:#a42736911)
-- 'Peter Hutchison' (https:#a42733944)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'Michael B. Smith' (https:#a42736911)
-- 'Peter Hutchison' (https:#a42733944)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer