
Moving to a new root Enterprise Certificate Authority



    Does anyone know of a way to move from one root enterprise CA to a new server? I am not talking about a hardware upgrade; KB298138 deals with this kind of move. Our enterprise root CA was set up by the developers and the machine they picked was a TEST machine. They then proceeded to deploy a subordinate CA that is now a PRODUCTION machine. I want to decommission the old server but I am afraid that when the certificate expires I will not be able to renew it. The application (Corport Server 5.1) documentation states that when a certificate is renewed, the keys CANNOT change - otherwise it breaks the system. Ideally I would like to set up our secondary domain controller as the CA root. I'm tempted to renew the server and certificate and set the expiration date for 2099 (I should be dead by then), decommission the root CA and set up the new one.

    Any thoughts or suggestions?