What is the best way to migrate from a 2003 certificate services to a 2012 version? We have run into the issue with not being able to produce a SHA256 template in 2003. Is there a way to bring a 2012 subordinate into the infrastructure to issue the SHA2 template?
What we were thinking:
1) Bring up a 2012 root CA
2) Bring up the subordinate 2012 CA's
3) Begin issuing from the 2012 infrastructure. Require the users to replace the 2003 certs on the 2012 infrastructure or let them expire. Or is there a way to migrate the 2003 certs over to the 2012 infrastructure? Pointing the 2003 subordinates to the 2012 root?
DC's are 2008 R2
Thanks in advance. New to the Microsoft CA services and now thrown in to get things working.