Hi, I have check documentation but no clear information about this question... Is it possible to install a second Certificate Authority on a same Domain (same Forest) for a migration project. The goal is to decomission the 1° one to replace it by a new Certificate Authority. If yes, what the best practices do to this? Regards. Regards, -Misch-

yes, you can deploy multiple PKIs within the same AD forest. I hope this migration guide will be helpful for you: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspxMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

Hi Vadims, Thank for your response but my intend is not to migrate the current CA but to install a new one (with new name). Have the 2 CA cohabitation some days to get time to replace the different certificates. And on the end to delete the OLD CA. What do you think about this way? Regards, -Misch-

Then you just need to setup new PKI root and other CAs as necessary. After that assign issuing templates to new CAs and remove them from old CAs. In this case clients will enroll for a certificates only from new CAs. Once certificates are replaced you can start old PKI decomissioning process.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

ok, Thanks a lot for your answer.Regards, -Misch-