troubleshooting Question

PKI upgrade

Avatar of Alan Cox
Alan CoxFlag for United States of America asked on
* Public Key Infrastructure (PKI)* PKI CERTIFICATESActive Directory
4 Comments1 Solution106 ViewsLast Modified:

I am no expert on PKI although I've setup a couple for simple uses.
I have a client that has a single Enterprise root (single tier). They have server 2008 and are also looking to upgrade AD to 2016 while taking my recommendation to upgrade to 2 tier PKI (one offline root and 2 SUB Issuing).
I understand the theory behind it but I could use some guidance on getting it done. I've looked at several articles but nothing that's detailed on this scenario.
thinking I would just build out the PKI on 2016 separate as i know you can have multiple PKIs in the same forest (a good guide on this might be helpful also).
But what needs to be copied over/moved to new PKI from old? GPO changes ect.
Should PKI be done before AD or does that matter?
I'm not overly familiar with this client so I'm not really sure what they use certificates for at this point.
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros