Hi,now there is a Root CA on Server 2003 witch has a lot off mistakes.So we want to build a new Root Offline CAand a Enterprise Sub CA on Server 2008.What is the best way to archive this goal?The existing Root CA deploys simple Client Certs witch are in use.Should we uninstall the old CA and install the new Root CA and Sub CA on the new Server 2008 on weekend?Or is there any other way to archive the goal that no client has an interruption?Thanks,JK

Hi, You should revoke all active certificates when removing the current PKI system and its suggested to perform these steps on weekend. Please refer to the following article: How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000http://support.microsoft.com/kb/889250 After that, please follow the best practices to implement the new PKI. It also applies to Windows Server 2008. Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructurehttp://technet.microsoft.com/en-us/library/cc772670(WS.10).aspx Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

thx,that will be a nice weekend :-)jk