Move a certification authority from 2003 server to 2008 server with a different name
I need moving CA's to a 2008 server with a different name than the 2003 server they are currently on. All articles I find (including 298138) eplain how to move to server with same name. Any ideas?
April 7th, 2009 6:41am

hi there, Just to be on the safe side I'm including this link:http://support.microsoft.com/kb/298138If you do not have the same name for your new CA then you must reissue the CA certificate. There is no workaround for this.If the old CA is not kept around to publish CRLs then you must reissue all certificates prior to the old CA's CRL expiration. Due to this, it is common to create a last CRL for the old CA with an extended lifespan that matches the expiration date of the CA certificate being retired - you can modify this timeframe from the Certification Authority MMC in the properties of the CA.It is also adviseable to hold onto your old CA until at least the point where its certificate expires - that way you can continue to use your existing certificates and convert them as they expire normally.If this is due to a CA private key compromise, then it is proper to revoke the CA certificate, which will in effect revoke all certificates issued from that CA. sainath Windows Driver Development
Free Windows Admin Tool Kit Click here and download it now
April 7th, 2009 7:26am

Hi, When migrating a CA, the computer name of the target computer can differ from the computer name of the source computer, but the CA name must stay the same. For the detail steps for migrating the CA to a new host, please refer to the following article: http://technet.microsoft.com/en-us/library/cc742388.aspx Thanks.
April 9th, 2009 10:08am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics