In our example we will try to migrate CA server installed on Windows 2008 R2 to new server under Windows 2016:
Backup certification authority:
- The CA backup can be performed through the CA wizard:
- Click on next to continue:
- On this page check the two options and spécify the path of backup then click Next:
- A new password is required to access on backup files:
- Click on finish:
- On backup path, we find all backed up files:
Export registry keys :
Export registry keys from this path HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration:
Remove CA role from old server:
To be able to reuse the name of old server , you have to remove the CA role before rename it.
- From server manager, you can perform the CA uninstalling:
- Click on remove:
- Restart the server to finish:
Now you can rename the old server.
Install new server with the same name as old server and restore CA certificate and database:
Install the role certification autority on new server then start the AD CS configuration:- Specify the credentials then click on Next:
- Select Certification Authority role then click on NEXT:
- Specify the Type of the CA then click on NEXT:
- Select the type of CA then click NEXT:
- Select the option Use existing private key:
- Click on Import:
- Specify the existing Certificate:
- Select on Certificate and click on NEXT:
- Add the database locations then select NEXT:
- Click on confirmation:
- Click on close:
- Open CA console then click on Restore:
- Click on NEXT:
- Specify the path and select the 2 items to restore:
- Specify the password:
Once you complete database restoration , you can restore registry keys backed up from the old Server.
