Remove CA from the Domain, Startup a new CA
The network: D1 : Win2003 Server, DC and Stand alone CA D2: Windows 2008 R2 Standard, DC, Exchange server Exchange on D2 is using certificates from D1. I want to setup D2 as the CA and remove D1 as the CA. I only have 2 clients workstations at this point using Exchange for testing, and are using certificates from D1. So, I'm not particularly worried about having to recreate certificates and reissuing them from D2. Are there any other pit falls or can I just install the CA role in D2 ? Thanks
May 16th, 2011 9:42am

No. You can safely install another CA instance (with new root) and decomission old CA as necessary.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2011 10:54am

OK, thanks. I installed the CA on the Win 2008 Server. During the process, it did not ask me or just plain missed it, for entering information like the common name, city, etc. for CA's certificate. Is there way to change this information ?
May 17th, 2011 9:50am

OK, thanks. I installed the CA on the Win 2008 Server. During the process, it did not ask me or just plain missed it, for entering information like the common name, city, etc. for CA's certificate. Is there way to change this information ? Common name for the CA is specified in the ADCS wizard. However, city, country, etc are not included in the subject attribute of the certificate, and to be honest, they are not needed. ;)// Fredrik "DXter" Jonsson - http://www.poweradmin.se
Free Windows Admin Tool Kit Click here and download it now
May 17th, 2011 1:56pm

OK, thanks. I installed the CA on the Win 2008 Server. During the process, it did not ask me or just plain missed it, for entering information like the common name, city, etc. for CA's certificate. Is there way to change this information ? Common name for the CA is specified in the ADCS wizard. However, city, country, etc are not included in the subject attribute of the certificate, and to be honest, they are not needed. ;) If you really want to change the common name of your CA, you must do a full CA decommission from Active Directory and then reinstall the CA. Please check out what type of certificates that has been issued by this CA, since they should be replaced by certificates from the new CA. // Fredrik "DXter" Jonsson - http://www.poweradmin.se
May 17th, 2011 1:56pm

OK, thanks. I installed the CA on the Win 2008 Server. During the process, it did not ask me or just plain missed it, for entering information like the common name, city, etc. for CA's certificate. Is there way to change this information ? No, it is not possible for current CAs. You can specify CA name once during AD CS role installation and cannot be changed anymore. So you should carefully process installation wizard and read all information in the role setup pages.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 18th, 2011 2:12am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics