Hi All, i have a CA on windows sever 2003 and i want to implement CA on windows server 2008 R2 my question is i want to use my old issued certificate again in the new CA, is that applicable and if yes how can i achieve that ?Tarek Khairy

Hope this migration guide helps: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspxMy weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

hi Thanks for your reply but i forgot to say that i want to migrate to a different domain is that possible or not ?Tarek Khairy

Hi Tarek, Thank you for your post. I understand you want to migrate CA across Server OS and AD domain. No direct guide for your requirement. So I suggest you first step to migrate CA across Server OS and next step to migrate CA across AD domain. Windows 2008 support migrate CA across AD domain. In Domain membership change (different domain in same forest) Scenario, migration tasks include: 1.CA backup 2.CA configuration backup 3.Uninstall services 4.Install CA 5.CA restore 6.Active Directory cleanup Please refer to this article for details. If there is any update on this issue, please feel free to let us know. Regards, Rick Tan

Thanks for your reply let me explain more my case here 1- i have enterprise root CA on windows server 2003 2- i need to migrate it to stand alone as a root CA and enterprise CA as subordinate the stand alone CA will be taken offline and the enterprise CA will do all the job , both stand alone and Enterprise will be on windows server 2008 in a different domain because we are doing cross forest migration. - So what 1 - i want know is how can i do that 2- Can i use windows server 2008 standard or not ? 3- if i can't , can i backup only database and private key and use them in the new CA ? and where i can use them in the stand alone or Enterprise CA ? sorry one last thing if i want to only use the certificates from the old CA is it the same way to migrate or there is easier one Thanks alot Tarek Tarek Khairy

technically it is possible, but not trivial process. I would recommend to follow supported and *described* guides for CA migration.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

thanks for your reply another question for the stand alone CA what is recommended to be on work group machine or member server ?Tarek Khairy

this depends from the CA role. If this is root or policy CA it is recommended to setup in the workgroup environment. For issuing CA it is reasonable to setup on a domain member.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com