
Changing Global Certificate Authority Hierarchy, OS (32 --> 64 bit), hostname, and HW

    Hello all,
    I would like to create a completely new CA hierarchy and start with fresh hardware (VMs), OS and host name.
    Current setup:
    The USA is our main headquarters but we have another location in the UK.
    There is one Enterprise CA here in the US that is a Win2003 Standard 32-bit box (not on a domain controller) and a separate Enterprise CA in the UK running on a Win2008 32-bit Standard box (also not on a domain controller).
    The US has about 100 users and about 30 member servers and the UK has about 30 users and about 10 member servers. Both are on separate but trusted forests, with a point-to-point VPN via our firewalls between the two.
    The way we would like to set it up is to have one offline Root CA (running Win2008 Standard) and then one Enterprise CA (running Win2008 R2 Enterprise) here and possibly another in the UK (if needed). I just have a few questions though before I start the process.
    1. I have read that it is fine to have the offline Root CA be Win2008 Standard, but since we are going to have the Enterprise CA running Win2008 R2, which is 64-bit, does the offline Root CA need to be a 64-bit OS also, or should we just use 32-bit?
    2. Would it be better to start from scratch with this setup or should I just keep the same hostname and migrate our old stuff over from our current CA in the US? We have changed naming conventions, but it sounds like it is a real pain to change hostnames so I am open to either.
    3. If I do just migrate, then what should I do about the UK CA? Does it need to just stay over there and can I upgrade that to Win2008 R2 64-bit as well?
    4. Has anyone run into an issue with having either (or both) the Root CA and also the Enterprise CA on a Virtual Machine?
    5. Any other recommendations or a setup that you think would work better?

    I have read numerous, lengthy whitepapers including all of the migration guides & best practices, but these are the questions that I am left with. Thanks in advance for all your valued wisdom!