Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Posts Tagged ‘Certificate Services’

Migrate/Upgrade CA from windows 2003 to windows 2008/R2

Posted by Awinish on February 5, 2011

Migrate/Upgrade CA from windows 2003 to windows 2008/R2

I came across various forums people need to migrate CA from old server to windows 2008 or 2008 R2, since business is taking switch from 2003 to 2008 because of the benefits from the windows 2003 to 2008/R2.

I have seen various FAQ’s like:

1.Can i migrate to another server with different Hostname?

As long as windows is running on windows 2008 or 2008 R2.

2. Can i change the CA name while migration?

No, if you do that, you are going to break the CA trusted chain & you have to start from fresh.

3. Shall i first install CA on windows 2008/R2 server or uninstall first on windows 2003 after taking backup.

You need to take the backup first, uninstall the CA on old server(else there will be conflict) & once its been uninstalled, rename the old server or remove it permanently & give time for changes to replicate in domain, once replication is complete, install the CA on windows 2008/R2.


I have added link from the Technet, which contains sufficient steps to migrate CA to new server.

Active Directory Certificate Services (AD CS) Frequently Asked Questions (FAQ)

Windows PKI blog


Posted in Directory Services, OS/Certificates | Tagged: | 1 Comment »

Designing And Implementing PKI

Posted by Awinish on December 29, 2010

I was looking for material on designing & implementing PKI, after a lot of searching, i stumbled across below post from MS DS Team lead NedPyle & i can bet you can’t find such a fine & details info anywhere else. I decided to include in my my blog for my as well as for others reference. Take a look at below understanding & implementing PKI.

The below Guide contains following & its a best resource for starting designing & implementing of PKI certificates.

Designing and Implementing a PKI: Part I Design and Planning
Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation
Designing and Implementing a PKI: Part III Certificate Templates
Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and Enabling Key Archival
Designing and Implementing a PKI: Part V Disaster Recovery

Windows PKI documentation reference


Posted in OS/Certificates | Tagged: , | Leave a Comment »