Migrate Enterprise root authority CA to stand-alone root CA

Discussion in 'Server Security' started by Vlad Nevsky, Dec 13, 2005.

  1. Vlad Nevsky

    Vlad Nevsky Guest

    Hi All!
    Is it possible migrate Enterprise root CA to stand-alone root CA?
    I know that vice versa migration is possible:
    http://www.microsoft.com/technet/pr...2003/technologies/security/ws03pkog.mspx#ERAA

    What steps needed?
    We have one enterprise root ca and 3 subordinate CA and many issued
    certificates. We want go offline rootCA and keep existing SubCA with current
    certificates without entire replacing PKI.
    My probably plan:
    1. Backup CA keys.
    2. Stop CA service.
    3. Delete server from domain.
    4. Disconnect server from network.
    5. Deinstall Enterprise root CA.
    6. Install stand-alone root CA on this server with keys from backup.
    7. Connect to network.

    Any information is appreciated.

    Best regards,
    Vladislav Usik aka Vlad Nevsky
     
    Vlad Nevsky, Dec 13, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.