Windows server 2008 PKI
Hi All,
i have a CA on windows sever 2003 and i want to implement CA on windows server 2008 R2
my question is i want to use my old issued certificate again in the new CA, is that applicable and if yes how can i achieve that ?Tarek Khairy
May 30th, 2011 7:39am
Hope this migration guide helps:
http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspxMy weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2011 7:46am
hi
Thanks for your reply but i forgot to say that i want to migrate to a different domain is that possible or not ?Tarek Khairy
May 31st, 2011 1:59am
Hi Tarek,
Thank you for your post.
I understand you want to migrate CA across Server OS and AD domain.
No direct guide for your requirement. So I suggest you first step to migrate CA across Server OS and next step to migrate CA across AD domain.
Windows 2008 support migrate CA across AD domain. In Domain membership change (different domain in same forest) Scenario, migration tasks include:
1.CA backup
2.CA configuration backup
3.Uninstall services
4.Install CA
5.CA restore
6.Active Directory cleanup
Please refer to this
article for details.
If there is any update on this issue, please feel free to let us know.
Regards,
Rick Tan
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 4:13am
Thanks for your reply let me explain more my case here
1- i have enterprise root CA on windows server 2003
2- i need to migrate it to stand alone as a root CA and enterprise CA as subordinate the stand alone CA will be taken offline and the enterprise CA will do all the job , both stand alone and Enterprise will be on windows server 2008 in a different
domain because we are doing cross forest migration.
- So what 1 - i want know is how can i do that
2- Can i use windows server 2008 standard or not ?
3- if i can't , can i backup only database and private key and use them in the new CA ? and where i can use them in the stand alone or Enterprise CA ?
sorry one last thing if i want to only use the certificates from the old CA is it the same way to migrate or there is easier one
Thanks alot
Tarek
Tarek Khairy
May 31st, 2011 4:32am
technically it is possible, but not trivial process. I would recommend to follow supported and *described* guides for CA migration.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
May 31st, 2011 8:00am
thanks for your reply another question for the stand alone CA what is recommended to be on work group machine or member server ?Tarek Khairy
May 31st, 2011 8:17am
this depends from the CA role. If this is root or policy CA it is recommended to setup in the workgroup environment. For issuing CA it is reasonable to setup on a domain member.My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Free Windows Admin Tool Kit Click here and download it now
June 1st, 2011 11:38am