|
Posted by Ray on March 27, 2007, 10:14 am
Please log in for more thread options Then you will have trouble to move CA.
--
Ray
MCSE+Internet, MCDBA, MCP
> Ray wrote:
>>> I have an enterprise root CA on a Windows Server 2003 Standard Edition
>>> server.
>>>
>>> I have (finally) got the budget to put Windows Server 2003 Enterprise
>>> Edition in, but it will have to be on another server - and the previous
>>> server cannot be taken out of service or renamed.
>>>
>>> I'm trying to think through my options to migrate it. What seems to
>>> make sense to me is:
>>>
>>> 1. Export the Root CA certificate
>>>
>>> 2. Set up a Stand-Alone Root CA using the exported certificate - on a
>>> server that can then be taken offline (probably a virtual one, unless
>>> someone has a good reason that a root CA can't be on a virtual server).
>>>
>>> 3. Create a new Subordinate Enterprise CA on the new Enterprise Edition
>>> server, subordinated from the new Root CA
>>>
>>> 4. Take the new Root CA off-line
>>>
>>> 5. Remove the old Enterprise Root CA and tell the domain to use the new
>>> Subordinate Enterprise CA
>>>
>>> Does that make sense, and are there any tricks I'm missing?
> >
>> Everything should be OK if you keep the name of new server same as that
>> of old server
>
> I can't rename the old server, so the new server will have to have a
> different name.
>
> --
> Richard Gadsden richard.gadsden@cobbetts.co.uk
> Nothing in this message is, or should be taken to be, representative
> of the views of Cobbetts LLP
| 
XML Sitemap