Re: Enterprise Root CA change
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/03/05
- Next message: Steven L Umbach: "Re: Moving encrypted files"
- Previous message: Steven L Umbach: "Re: ActiveX vs. Win2k3"
- In reply to: RJ: "Enterprise Root CA change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Feb 2005 22:50:04 -0600
If you want to replace your existing Enterprise CA to a new computer you can
not have them both on the network at the same time. There is way to move the
CA to a new computer by backing up the existing CA keys, certificate
database, and registry configuration to restore to the new computer after
taking the original CA offline but you can certainly have more then one
Enterprise CA in the domain, usually by creating "subordinate CA's" that
chain the root Enterprise CA you already have. The link below explains a way
to move a CA to another computer. For an Enterprise CA I would also
recommend that you name the new computer the same as the old computer [after
taking the old one offline] and then join it to the domain before doing the
move procedure. --- Steve
http://support.microsoft.com/?id=298138 --- how to move Windows Certificate
Authority.
"RJ" <RJ@discussions.microsoft.com> wrote in message
news:ACEE0004-D61F-4474-9CFF-9A478D5798A4@microsoft.com...
>I am running a Win2k enterprise root CA without subordinates CAs with a few
> certificates issued. I would like to setup a new Win2k3 enterprise root
> CA
> in the same Win2k3 Active directory domain.
>
> Can I run these in parallel in the same domain?
>
> Do I need to decomission the Win2k CA first before I install the new
> Win2k3
> CA since it will start a new certificate chain?
>
> Thanks,
- Next message: Steven L Umbach: "Re: Moving encrypted files"
- Previous message: Steven L Umbach: "Re: ActiveX vs. Win2k3"
- In reply to: RJ: "Enterprise Root CA change"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
