New Certificate Authority Server help

  • New Certificate Authority Server help

    Hi folks. I am a bit out of my element on this current problem so I am looking for some advice and hopefully some instruction so as not to screw this up.

    I have an old Windows 2000 server that is our Root CA. The certificate is about to expire at the end of the month and I have been instructed to get rid of the server. I have seen the Microsoft instructions on upgrading the server to Server 2003 and then moving the certificate to a new Server 2003 server with the same name. I don't want to do this if I don't have to. So my main question is: Can I simply start from scratch and set up a new Server 2008 VM with a brand new Root CA and point my domain controllers at it and then when the current certificates on the old server expire, just turn it off?

    If this is an option for me are there any drawbacks? Can they both be on the network at the same time? If I can't do this, what is the next best option?

    I greatly appreciate any and all assistance in this matter.

  • #2
    Re: New Certificate Authority Server help

    Yes you can do this. The downside is that you will need to re-issue any existing certificates that were deployed from the old CA as your public key will be changing. Depending on the size of your environment, re-issuing all of your existing certificates may be a difficult task to accomplish by the end of the month.


    • #3
      Re: New Certificate Authority Server help

      And make sure that if any encryption certificates have been issued, there are absolutely NO files using them, otherwise you will be really stuck!
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **


      • #4
        Re: New Certificate Authority Server help

        Do you use a single or multiple tier PKI infrastructure?
        Anyhow, basically I agree with the comments posted before me...

        Or migrate it
        Technical Consultant

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"