P
pnobels
Guest
Hi,
i'm currently digging into documentation on how to migrate a Windows 2008 R2 CA authority to Windows 2012 R2.
This is an Enterprise CA, so data is in AD. I'm moving the CA role to another host with a different hostname.
One thing which is not clear... Existing certificates have a CDP which points to an ldap path which contains the current hostname SRV-TEST.
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=TEST-147-CA,CN=SRV-TEST,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=contoso,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint (ldap:///CN=TEST-147-CA,CN=SRV-TEST,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=contoso,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint)
If i migrate the CA to another host with different hostname, won't that be a problem with the existing certificates? Or is - during the migration process - the old hostname SRV-TEST restored in that CDP? And even when creating new certificates above CDP will be used?
Continue reading...
i'm currently digging into documentation on how to migrate a Windows 2008 R2 CA authority to Windows 2012 R2.
This is an Enterprise CA, so data is in AD. I'm moving the CA role to another host with a different hostname.
One thing which is not clear... Existing certificates have a CDP which points to an ldap path which contains the current hostname SRV-TEST.
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=TEST-147-CA,CN=SRV-TEST,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=contoso,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint (ldap:///CN=TEST-147-CA,CN=SRV-TEST,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=contoso,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint)
If i migrate the CA to another host with different hostname, won't that be a problem with the existing certificates? Or is - during the migration process - the old hostname SRV-TEST restored in that CDP? And even when creating new certificates above CDP will be used?
Continue reading...