Windows Thread, Windows CA in Technical; Hi
We have a CA here and its our PDC as well. I know you cant export/import the CA unless ...
15th July 2008, 03:13 PM #1
We have a CA here and its our PDC as well. I know you cant export/import the CA unless you keep the same server name but I was wondering if I created and set a new CA how would I ensure the clients get the new certificate other then rejoining them all?
We dont actually use the cert/CA for much but I would like the clients to get a new cert when they boot ideally.
16th July 2008, 10:41 AM #2
Funny you mention this - I've had to move a CA before now.
All you need do is export the certs you want to keep from the old CA (not the root cert) - put a new CA on another server.
Have the new CA make a new root cert - then via Group Policies it (by default) will import root CA's, I think there's a setting somewhere that tells it where to import the master CA from - but right now I can't find it.
Be sure to decomission (remove) your old CA though once your new CA is working okay - or better still... just switch your old CA off (if you can).
Hope this helps - thanks for kicking FastHosts into line
Thanks to azrael78 from:
ZeroHour (16th July 2008)
16th July 2008, 12:17 PM #3
Thanks we are finally almost at 100% restored now.
We will be just switching off the old CA. When you made your new CA I take it you had a different server name?
What happens to clients that have a cert issued from the old CA which you dont export?
By FN-GM in forum Wiki Announcements
Last Post: 27th March 2008, 04:19 PM
Last Post: 22nd August 2007, 07:23 AM
By simongrahamuk in forum Windows
Last Post: 30th October 2006, 08:42 PM
By tosca925 in forum Windows Vista
Last Post: 3rd May 2006, 07:27 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)