Re: Best Practice approach in Replacing an Enterprise CA

---

• From: Paul Adare - MVP <pkadare@xxxxxxxxx>
• Date: Fri, 22 Aug 2008 05:48:49 -0400

---

On Thu, 21 Aug 2008 20:39:01 -0700, NoyPi_Yongski wrote:

Thanks for the reply. This article is one of the alternatives we
considered. What is your opinion however if we go ahead with just
uninstalling the CA role and reinstalling on the new server and reissuing the
necessary certs?

Would you think that this approach is more complicated than your suggested
alternative?

Given the description of your environment (small, not many certs issued),
I'd go with you original idea of rip, replace and reissue.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Hardware: The parts of a computer system that can be kicked.
.

---

• Follow-Ups:
  • Re: Best Practice approach in Replacing an Enterprise CA
    • From: NoyPi_Yongski

• References:
  • Best Practice approach in Replacing an Enterprise CA
    • From: NoyPi_Yongski
  • RE: Best Practice approach in Replacing an Enterprise CA
    • From: NoyPi_Yongski

• Prev by Date: Re: Bad bug in MS ACL API and seems to have been there for years!
• Next by Date: Re: Expired Kerberos TGT, AcquireCredentials/InitializeSecurityContext failure, how to force refresh/renew?
• Previous by thread: RE: Best Practice approach in Replacing an Enterprise CA
• Next by thread: Re: Best Practice approach in Replacing an Enterprise CA
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2008-08