Remove Certificate Server (root CA)

Giganews Newsgroups
Subject: Remove Certificate Server (root CA)
Posted by:  scubaal (…@blakes.net)
Date: Wed, 31 Oct 2007

I have an old Win2k3 server running Cert Services as Root CA and ADC
on a v. small network.
Just installed a new SBS2003 server and made this a DC. Migrated all
the Ex2k3 stuff to the new server and copied the user data across.
Now want to dcpromo the old server to take it out, but cant while cert
services is installed.
Note: The Cert services has very limited use and in fact as *only*
been used to generate certifcates for the DCs (old and new)
themselves.

Question: I know I cant move the cert server from old to new becuase
the servers have different names. So I will have to uninstall CS. When
I do this the root CA becomes invalid and by defination all
certifcates issued by it.

As I have nothing encrypted with the old Root CA will this cause any
problems?
Do DCs *have* to have a certificate issued? Should I install CS on the
new (SBS) server and create a new Root CA for my DCs?

If a DC had a cert...and then doesnt....what happens?
Just trying to get a heads up before I do something stupid ;)

Al.

Replies