Re: Move certificate authority

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 09/23/04


Date: Thu, 23 Sep 2004 10:03:10 +0200

Hi Ben,

Here is a Microsoft article that explains step-by-step how to move the CA service
between servers.

How to move a certification authority to another server
http://support.microsoft.com/default.aspx?scid=kb;en-us;298138&Product=winsvr2003

This process will keep all your issued and revoked certificate information,
compared to the process that you describe, where you get a whole new CA server.

You can only have 1 (one) Enterprise Root CA server at a time. Any other
Enterprise setup server can only be a subordinate CA server. This should also
answer all the other questions related to this...

Implementing and Administering Certificate Templates in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03crtm.mspx

Best Practices for Implementing a Microsoft Windows Server 2003 Public Key
Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx

PKI Enhancements in Windows XP Professional and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/pkienh.mspx

Windows Server 2003 PKI Operations Guide
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

Managing a Windows Server 2003 Public Key Infrastructure
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/mngpki.mspx

Advanced Certificate Enrollment and Management
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx

Configuring and Troubleshooting Windows 2000 and Windows Server 2003
Certificate Services Web Enrollment
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx

Key Archival and Management in Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kyacws03.mspx

Mike

"Ben Woskje" <verukins@hotmail.com> wrote in message
news:2807742c.0409221743.a317817@posting.google.com...
> Hi,
> I wish to move a Windows 2003 enterprise based CA from one server
> to another, and I just want to verify the process with some of you
> knowledgeable type people.
>
> Certificate usage
> - Provides certificates to web servers that are accessible to the
> outside world
>
> 1. Install new enterprise root CA on new server
> 2. Create and issue new certificates to the appropriate web sites from
> new server
> 3. Revoke all certificates on the old server
> 4. Un-install the CA on the old server
>
> Questions
> 1. Are there any issues with having two root CA's in the forest?
> 2. Can I issue certificates with the same name from a different CA
> without any issues?
> 3. Any other stuff that someone who has done this can pass on?
> 4. Anything else I should do to "clean up"?
>
> Thanks.


