Yeah, I had seen that article too, but since it makes no mention of 2008 I was curious if anyone had tried it and found that the import works as expected on the 2008 CA. It almost seems easier to go the route of revoking the existing certificates and lengthening the CRL life on the old 2003 box, and then installing and starting up a new Enterprise CA on a new server and let it take over. Then again, I am admittedly not an expert on CAs. TVK
From: Don Guyer [mailto:[email protected]] Sent: Friday, December 19, 2008 9:48 AM To: NT System Admin Issues Subject: RE: Certificate Authority move during Windows 2008 upgrade. I realize the article is not for W2k8, but we retired a few 2003 CAs (with other 2k3 CAs) and followed this process of backing up/restoring the CA: http://support.microsoft.com/default.aspx?scid=kb;en-us;298138 Don Guyer Systems Engineer Information Services Prudential Fox Roach/ Trident 431 W. Lancaster Avenue Devon, PA 19333 Ph: (610) 993-3299 Fax: (610) 650-5306 www.prufoxroach.com<blocked::blocked::http://www.prufoxroach.com/> [email protected]<mailto:[email protected]> From: Tim Vander Kooi [mailto:[email protected]] Sent: Thursday, December 18, 2008 12:36 PM To: NT System Admin Issues Subject: Certificate Authority move during Windows 2008 upgrade. I know I have seen that a number of folks on the list have started (or completed) their move to Server 2008. My question is if anyone has moved their CA from 2003 to 2008 yet, and if so, have there been any issues. It seems to be as simple as revoking my 2003 certs that are outstanding, uninstalling the 2003 CA, and then installing a CA on a new 2008 DC and letting clients use the new authority. However, having completed my Exchange 2003 to 2007 migration earlier this year, I tend not to believe that these things are as easy in reality as they appear on paper. :-P Thanks for any insight you may be able to give, TVK ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
