Re: Need to transfer Certificate Authority from one DC to another

microsoft.public.windows.server.security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

Subject	Author	Date
Re: Need to transfer Certificate Authority from one DC to another	Paul Bergson [MVP-DS]	09-26-2008

Posted by Paul Bergson [MVP-DS] on September 26, 2008, 8:53 am

Please log in for more thread options

> KB 298138 has us rename the new server so that it matches the old server

> name. What if we want to move the CA to another server where we can't

> modify

> it's name (because it is a DC for example... I know that's not a

> recommended

> config but you do what you can with what they give you...)

> Thanks!

> "Jorge Silva" wrote:

>> Hi also look

>> How to move a certification authority to another server

>> http://support.microsoft.com/kb/298138

>> --

>> I hope that the information above helps you

>> Good Luck

>> Jorge Silva

>> MCSA

>> Systems Administrator

>> > The end users may not get affected right away becuase they will check

>> > the

>> > CRL and CTL according to the schedule defined in your CA heirarchy

>> > which

>> > is by default 1 week. The problem occurs when end user check the CRL

>> > chain and unable to verify it. I would suggest the backup the CA and

>> > restore it on the other server. Then publish the latest CRL from the

>> > new

>> > CA server.

>> >

>> > HTH

>> >

>> >> We have a flakey DC (primary) which the OS needs to be rebuilt.

>> >> There's

>> >> another DC (backup) which will become the primary while original DC is

>> >> taken

>> >> down. In addition to the 5 FSMO roles being transfered to the

>> >> secondary

>> >> DC,

>> >> we have a concern about the RPC over HTTP and OWA users out there

>> >> regarding

>> >> their certificates.

>> >>

>> >> How do we properly transfer the Certificate Authority from one DC to

>> >> the

>> >> other so there's no interruption in remote access? Thanks for any

>> >> counsel.

>> >

You can't rename a Certificate Authority the host name can never change.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Similar Threads	Posted
Create Certificate Request for Windows2003 certificate authority without using website	March 22, 2006, 8:07 am
Password encrypted for FTP transfer	August 29, 2005, 11:38 am
Root Certificate Authority	October 22, 2006, 6:35 am
PEM file with certificate authority?	February 6, 2007, 10:56 am
Re: Rendom and certificate authority on DC	June 5, 2007, 11:25 am
Searching Certificate Authority	September 17, 2007, 6:02 pm
Clustering Certificate Authority Server	November 21, 2005, 5:27 am
Certificate Authority backup failed.	November 27, 2005, 6:41 pm
How to tell if Certificate Authority is root, stand-alone or?	February 8, 2007, 10:27 am
Virtualized Certificate Authority Services	May 20, 2008, 3:19 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML Sitemap

XML Sitemap