Re: Moving Enterprise Root CA

Brian Komar [MVP] wrote:
In article <esFH0jGcHHA.2552@xxxxxxxxxxxxxxxxxxxx>, richard.gadsden@xxxxxxxxxxxxxx says...
Ray wrote:
"Richard Gadsden" <richard.gadsden@xxxxxxxxxxxxxx> wrote in message news:%23RzqROJbHHA.4888@xxxxxxxxxxxxxxxxxxxxxxx
I have an enterprise root CA on a Windows Server 2003 Standard Edition server.

I have (finally) got the budget to put Windows Server 2003 Enterprise Edition in, but it will have to be on another server - and the previous server cannot be taken out of service or renamed.

I'm trying to think through my options to migrate it. What seems to make sense to me is:

1. Export the Root CA certificate

2. Set up a Stand-Alone Root CA using the exported certificate - on a server that can then be taken offline (probably a virtual one, unless someone has a good reason that a root CA can't be on a virtual server).

3. Create a new Subordinate Enterprise CA on the new Enterprise Edition server, subordinated from the new Root CA

4. Take the new Root CA off-line

5. Remove the old Enterprise Root CA and tell the domain to use the new Subordinate Enterprise CA

Does that make sense, and are there any tricks I'm missing?
>
Everything should be OK if you keep the name of new server same as that of old server
I can't rename the old server, so the new server will have to have a different name.


You must decommission the old server, build the new server using the new name, recover the CA, and then redeploy the old server using the name that you want.

Sorry, Brian, I can't do that. (fx: turns off HAL voice).

Really, I can't. Is this really impossible?

The old server is my primary file server, which I stuck the CA on as an afterthought. If this really is impossible, then can I just decomission the CA and build a completely new one? I guess that would invalidate all the certificates, but I could live with that.

--
Richard Gadsden richard.gadsden@xxxxxxxxxxxxxx
Nothing in this message is, or should be taken to be, representative
of the views of Cobbetts LLP
.

Relevant Pages

  • Re: Difference in using SQL Standard Edition and Enterprise Edition for EPM
    ... I'm not sure about a bentch mark, you could look at the microsoft server ... Enterprise but you might have done it. ... For our clients we mostly use the enterprise edition because we always try ... could you elaborate as to why are you recommending to use EPM 2003? ...
    (microsoft.public.project.pro_and_server)
  • ANN: kbmMW v. 2.50.00 Enterprise, ProPlus and Standard Edition in public beta!
    ... Components4Developers is proud to announce the latest version of our Enterprise level multi tier application server ... Current kbmMW v2.0x license holders will automatically be upgraded to kbmMW v. 2.50.00 ProPlus Edition without cost! ... - Support for Windows Performance Monitor (Enterprise Edition). ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Windows 2003 Server Enterprise : 32Bit oder 64Bit
    ... Du bekommst auch den Standard Server als 64Bit System. ... Der unterstützt bis zu 32GB RAM. ... Die Enterprise Edition macht z.B. nur Sinn wenn Du Clustering einsetzen willst oder den Sitzungsverzeichnisdienst für die TS Geschichte nutzen möchtest. ...
    (microsoft.public.de.german.windows.server.general)
  • Re: Enterprise Root CA Install
    ... It can be any web server location that is publicly accessible. ... offline root should be off the network and the CRL should be periodically ... copied from the offline root to a an online location specified in the CDP ... > an "Enterprise subordinate CA" installation. ...
    (microsoft.public.win2000.security)
  • Re: Installing a Enterprise Root CA in a mixed mode environment
    ... Enterprise Root CA. ... Enterprise Admins group for the forest and local admin on the server you are ... Install a Windows 2003 PKI on a W2000 AD ...
    (microsoft.public.windows.server.active_directory)