Migrate single Windows Server 2012 R2 CA server to Windows 2022 server and implement PKI 2 tier

Mahela Walpola 20 Reputation points
2023-08-31T06:17:42.7+00:00

In the current environment we have a Windows Server 2012 R2 CA server, and we are trying to migrate this service to a Windows Server 2022 environment with PKI 2 tier (one root CA server and two subordinate servers). We need to know the procedure to do that and recommendations such as prerequisites.


2 answers

  1. Johan Heyneke 81 Reputation points Microsoft Employee
    2023-08-31T06:48:45.87+00:00

  2. Anonymous
    2023-09-11T07:53:28.3533333+00:00

    Hello Mahela Walpola,

    Thank you for posting in the Q&A forum.

    Based on the description "In current environment we have windows server 2012 R2 CA server", is your existing Windows Server 2012 R2 CA server an offline standalone CA or an online enterprise CA server?

    If it is an offline standalone CA server, you can migrate the Windows Server 2012 R2 CA server to Windows 2022 server; it will act as one offline root CA server. Then you add two subordinate CA servers.

    If it is an online enterprise CA server, you can try to migrate the online enterprise CA server to an offline standalone CA server (I am not sure whether an online enterprise CA server can be migrated to an offline standalone CA server; I suggest you try it in a test lab first); it will act as one offline root CA server. Then you add two subordinate CA servers.

    For adding two subordinate CA servers, you can refer to the part "Install Enterprise Issuing CA".

    https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx#:~:text=Install%20the%20Active%20Directory%20Forest%20Prepare%20the%20web,post%20installation%20configuration%20on%20the%20subordinate%20issuing%20CA

    For CA migration, please refer to this similar thread.
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/0b2e5613-17e0-462c-8a31-f13d0e4dffba/root-ca-migration-from-2008-r2-to-2016?forum=winserversecurity

    Note: Please do all the steps in a test lab first, and then in the production environment.

    Hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
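
The answer above turns on whether the existing CA is a standalone or an enterprise CA. The following read-only inventory is an added example, not part of either post; it reads the standard AD CS registry configuration on the existing CA server and assumes an elevated PowerShell session on that server.

```powershell
# Added example: read-only pre-migration inventory of the local AD CS configuration.
# Nothing is modified; run in an elevated session on the existing CA server.
$configPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

if (-not (Test-Path -LiteralPath $configPath)) {
    throw 'AD CS configuration key not found; the CA role is not configured on this server.'
}

# The "Active" value names the CA instance configured on this server.
$caName = (Get-ItemProperty -LiteralPath $configPath -Name Active).Active
$caKey  = Join-Path $configPath $caName
$ca     = Get-ItemProperty -LiteralPath $caKey
$csp    = Get-ItemProperty -LiteralPath (Join-Path $caKey 'CSP')

# CAType values as defined by AD CS (ENUM_CATYPES).
$caTypes = @{
    0 = 'Enterprise Root CA'
    1 = 'Enterprise Subordinate CA'
    3 = 'Standalone Root CA'
    4 = 'Standalone Subordinate CA'
}
$typeName = $caTypes[[int]$ca.CAType]
if (-not $typeName) { $typeName = "Unknown ($($ca.CAType))" }

# Summarise the settings that matter when planning the migration:
# CA type, where the private key lives, and where CRLs and CA certs are published.
[pscustomobject]@{
    CAName             = $ca.CommonName
    CAType             = $typeName
    IsEnterprise       = ([int]$ca.CAType -in 0, 1)
    KeyProvider        = $csp.Provider
    # CNGHashAlgorithm is only present for CNG key storage providers.
    HashAlgorithm      = $csp.CNGHashAlgorithm
    # Maximum validity of certificates this CA issues (not the CA certificate itself).
    IssuedCertValidity = "$($ca.ValidityPeriodUnits) $($ca.ValidityPeriod)"
    CRLPublication     = $ca.CRLPublicationURLs -join '; '
    AIAPublication     = $ca.CACertPublicationURLs -join '; '
} | Format-List
```

The `KeyProvider` line shows whether the CA private key is held in software or in an HSM-backed provider, which determines how the key can be moved to the new server. The CRL and AIA publication URLs are embedded in certificates already issued, so those locations must remain reachable after the migration.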
