No announcement yet.

Moving CA server in Win2003

  • Filter
  • Time
  • Show
Clear All
new posts

  • Moving CA server in Win2003

    Seems like I can't find a solution for this.

    I need to move my Windows 2003 CA from ServerA to ServerB. I CANNOT use the same computername, the new CA must have a different computername than the old CA.

    Documentation for doing this is almost non existant. I found some articles on MS site, but they only apply to doing a CA move from one server to another using the exact same name.

    Has anyone succcessfully done this?

  • #2
    Re: Moving CA server in Win2003

    Are we talking about a root CA? I guess so or else you wouldn't be asking the question.
    I haven't done any real work with a CA but from my studying, IIRC, if the name changes then that invalidates any previous certificates and then there's no trusted source... and therefore no valid certificates. That's why you see only procedures to move it to a server with the same name. You'll notice when you install certificate services it says you can't join or un-join a domain, workgroup, or change the computer's name.

    Depending on the situation you may need to just rebuild your certificate infrastructure. Why do you need it on a server with a different name? separating server roles?

    Others, please feel free to correct me as I have very little experience with CAs.

    Network Consultant/Engineer
    Baltimore - Washington area and beyond


    • #3
      Re: Moving CA server in Win2003

      No, youre right about this. I was just hoping someone found a workaround or hack. Guessing not so it looks like I'll have to rebuild it.