Windows Server 2003 CA upgrade to Windows Server ADCS

1. Log on to the Windows Server 2003 Certificate Server as a domain administrator.

2. Start the-〉 management tool-〉 Certification Authority, open the certification authority

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/3D/wKioL1c8D6jT5FZYAAEijdorG-8329.png "title=" 001. PNG "alt=" Wkiol1c8d6jt5fzyaaeijdorg-8329.png "/>

3. Right-click the CA name, all Tasks, and then click Backup CA.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/80/3D/wKioL1c8EASSoQoZAAC4bMPAPq4210.png "title=" 002. PNG "alt=" Wkiol1c8eassoqozaac4bmpapq4210.png "/>

4. On the Welcome to the Certification Authority Backup Wizard page, click Next.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/40/wKiom1c8D3HT0SsRAADQGCAy9yY293.png "title=" 003. PNG "alt=" Wkiom1c8d3ht0ssraadqgcay9yy293.png "/>

5. On the items to back Up page, select the private key and CA certificates and the certificate database and certificate database logs check boxes, select the backup directory at the backup location, and then click Next.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/3D/wKioL1c8ELnyX-S1AADR6XdgA2s352.png "title=" 004. PNG "alt=" Wkiol1c8elnyx-s1aadr6xdga2s352.png "/>

6. On the Select Password page, type the password to protect the CA private key, and click Next.

7. On the Completing the Backup Wizard page, click Finish.

8. After the backup is complete, verify the following files in the location that you specified: include the CA Certificate database folder and the private key certificate ending with. P12

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/80/40/wKiom1c8EBmCMm0GAADhsWOhu_Q427.png "title=" 005. PNG "alt=" Wkiom1c8ebmcmm0gaadhswohu_q427.png "/>

9. Start-〉 run, and type regedit-〉 OK to open Registry Editor.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/80/3D/wKioL1c8ET_jKx-rAAEOrjdX6Sc380.png "title=" 006. PNG "alt=" Wkiol1c8et_jkx-raaeorjdx6sc380.png "/>

Open hkey_local_machine\ system\currentcontrolset\ services\certsvc in turn, right-click Configuration, and then click Export . and saved in the CA backup folder,

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/3D/wKioL1c8EXvTmWOtAADwCWB5MV8833.png "title=" 007. PNG "alt=" Wkiol1c8exvtmwotaadwcwb5mv8833.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/3D/wKioL1c8EabBUcAdAADZCpVOXN8093.png "title=" 008. PNG "alt=" Wkiol1c8eabbucadaadzcpvoxn8093.png "/>

One by one. now open the ADCA Certificate Server backup directory, the registry key has been successfully exported.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/3D/wKioL1c8EeLTg9oDAADvPT9ueDo337.png "title=" 009. PNG "alt=" Wkiol1c8eeltg9odaadvpt9uedo337.png "/>

Uninstall the Windows 2003 CA Certificate Server. Start-〉 Control Panel-〉 Add or Remove Programs

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/40/wKiom1c8EUjx61DvAAEcUYSZxG0529.png "title=" 010. PNG "alt=" Wkiom1c8eujx61dvaaecuyszxg0529.png "/>

Open "Add/Remove Windows Components" in Add or Remove Programs and locate "Certificate Services"

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/40/wKiom1c8EXuhTNIkAAEUO_gfLs0866.png "title=" 011. PNG "alt=" Wkiom1c8exuhtnikaaeuo_gfls0866.png "/>

Remove the hook before Certificate Services (remove Certificate Services), click Next

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/3D/wKioL1c8EsvzKGFtAAEUOOQrzfc454.png "title=" 012. PNG "alt=" Wkiol1c8esvzkgftaaeuooqrzfc454.png "/>

Click Finish, and copy the backup to the desktop/ca/cabak folder on the computer that is the destination server for Windows Server 2012.

16. Change the computer name of Windows Server 2003 to a different name (the name of the network has duplicate names)

17. Install the Windows Server 2012 server and join CONTOSO. COM domain, and log on to the system as a domain administrator.

18. Change the computer name (server) for the original Windows Server 2003 ADCA Certificate Server

19. Open the "Manager server"

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/80/3D/wKioL1c8EynjxkEDAADFw8WyKzI432.png "title=" 013. PNG "alt=" Wkiol1c8eynjxkedaadfw8wykzi432.png "/>

20. Install the ADCA Certificate Server. Open add roles and features to leave the default, click Next.

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/80/3D/wKioL1c8E3PwQsH3AADoE-Xfmgo978.png "title=" 014. PNG "alt=" Wkiol1c8e3pwqsh3aadoe-xfmgo978.png "/>

Select "Role-based or feature-based installation" Click Next

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/80/3E/wKioL1c8E6nxkOUtAAC1YRAUDu8920.png "title=" 015. PNG "alt=" Wkiol1c8e6nxkoutaac1yraudu8920.png "/>

22. Select "Select a server from the server pool" and click Next

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/80/3E/wKioL1c8Ff_wi9ocAADMHzdtUQM555.png "title=" 016. PNG "alt=" Wkiol1c8ff_wi9ocaadmhzdtuqm555.png "/>

23. Select "Active Directory Certificate Services" and click Next

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/80/41/wKiom1c8FULhhTH0AADSvkzFB6I952.png "title=" 017. PNG "alt=" Wkiom1c8fulhhth0aadsvkzfb6i952.png "/>

24. Keep the default, click Step

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/80/3E/wKioL1c8FlOh2JX7AADd8okxI28022.png "title=" 018. PNG "alt=" Wkiol1c8floh2jx7aadd8okxi28022.png "/>

25. Keep the default, click Step

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/41/wKiom1c8FZWQW-CTAADNmP5aU4I695.png "title=" 019. PNG "alt=" Wkiom1c8fzwqw-ctaadnmp5au4i695.png "/>

26. Select certification Authority and Certification authority Web enrollment in the role service, leave the default in the Add Roles and Features Wizard that appears, point to add features, and click Next

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/80/3E/wKioL1c8FqewDjWWAAD7xOGBxnc394.png "Title=" 020. PNG "alt=" Wkiol1c8fqewdjwwaad7xogbxnc394.png "/>

27. Keep the default, click Step

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/80/41/wKiom1c8Feig7RS_AADRpCkviyI187.png "title=" 021. PNG "alt=" Wkiom1c8feig7rs_aadrpckviyi187.png "/>

28. Keep the default, click Step

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/41/wKiom1c8Fi-w8hQYAADM0ZlVvMI464.png "title=" 022. PNG "alt=" Wkiom1c8fi-w8hqyaadm0zlvvmi464.png "/>

29. Keep the default, click Step

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/80/3E/wKioL1c8F0izCv6PAADR7kbIiEc660.png "title=" 023. PNG "alt=" Wkiol1c8f0izcv6paadr7kbiiec660.png "/>

30. When the installation is complete, click Close

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/80/3E/wKioL1c8F26TUs0TAAD4ltzJnFk882.png "title=" 024. PNG "alt=" Wkiol1c8f26tus0taad4ltzjnfk882.png "/>

31. Open Server Manager and click on the "yellow exclamation mark" in the upper right to select "Active Directory Certificate Services" on the configuration target service

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/80/3E/wKioL1c8F5rzXzZSAADjyImnXlA157.png "title=" 025. PNG "alt=" Wkiol1c8f5rzxzzsaadjyimnxla157.png "/>

32. Go to the "ADCS Configuration" wizard, leave the default, click Next

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/80/3E/wKioL1c8F8HTyFmAAADTDGhha4g976.png "title=" 027. PNG "alt=" Wkiol1c8f8htyfmaaadtdghha4g976.png "/>

33. Select Certification Authority and Certification authority Web enrollment in the role service, click Next

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/80/41/wKiom1c8FwfSZrBKAADOZyEwG5w521.png "title=" 028. PNG "alt=" Wkiom1c8fwfszrbkaadozyewg5w521.png "/>

34. Select "Enterprise CA" and click Next

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/80/3E/wKioL1c8GBihmCsFAACleY8hd-k515.png "title=" 029. PNG "alt=" Wkiol1c8gbihmcsfaacley8hd-k515.png "/>

35. Select "Root CA" and click Next

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/80/3E/wKioL1c8GEnyhUFeAACzVh2YEvs298.png "title=" 030. PNG "alt=" Wkiol1c8genyhufeaaczvh2yevs298.png "/>

36. Select "Use an existing private key"-〉 "Select a certificate session with its associated private key point", click Next

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/80/3E/wKioL1c8GIWQ_pVMAACUO1y_r5U883.png "title=" 031. PNG "alt=" Wkiol1c8giwq_pvmaacuo1y_r5u883.png "/>

37. In selecting an existing certificate for the CA, select Import, in the Import an existing Certificate dialog box, select the backup file of the Windows ADCA Certificate Server that we copied and enter the password in step (6) of the first section and determine.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/41/wKiom1c8F6iSirgRAAC53xcguyw513.png "title=" 032. PNG "alt=" Wkiom1c8f6isirgraac53xcguyw513.png "/>

38. Select an existing certificate for the CA, select the certificate you just changed, and tick "allow administrator interaction", click Next

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/80/3E/wKioL1c8GLSBUvOyAACZ4S3va6Y433.png "title=" 033. PNG "alt=" Wkiol1c8glsbuvoyaacz4s3va6y433.png "/>

39. Keep the default, this is the location of the database and the log, click Next

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/3E/wKioL1c8GPLBwccQAACgOwhzt6g132.png "title=" 034. PNG "alt=" Wkiol1c8gplbwccqaacgowhzt6g132.png "/>

40. Here is a list of our configuration information to confirm the point configuration

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/80/3E/wKioL1c8GP7B73M9AADBY7NDsmQ640.png "title=" 035. PNG "alt=" Wkiol1c8gp7b73m9aadby7ndsmq640.png "/>

41. After the configuration is complete, click Close to complete the configuration of the ADCA Certificate Server.

42. Import the Registry files (Ca.reg) that are copied from Windows Server 2003 into the registry.

43. Now we start importing the Windows 2003 CA Certificate Server backup file

44. Open the Server Manager-〉 Tool-〉 Certification Authority

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/3E/wKioL1c8GUCDaj-iAAEf5YZNBDA360.png "title=" 036. PNG "alt=" Wkiol1c8gucdaj-iaaef5yznbda360.png "/>

45. Right-click the CA name (server CA), point to All Tasks, and then click Restore CA.

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/80/3E/wKioL1c8GU_Bt9IOAADmVn81vlo224.png "title=" 037. PNG "alt=" Wkiol1c8gu_bt9ioaadmvn81vlo224.png "/>

46. Prompt for AD Certificate service is running, here is a direct point to OK

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/3E/wKioL1c8GaCy-jWcAAD9aaOVmdk148.png "title=" 038. PNG "alt=" Wkiol1c8gacy-jwcaad9aaovmdk148.png "/>

47. Open the Certificate Authority Restore Wizard, click Next

650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M00/80/3E/wKioL1c8GazzHq4nAACOqDaZ9EQ983.png "title=" 039. PNG "alt=" Wkiol1c8gazzhq4naacoqdaz9eq983.png "/>

48. Select "Private key CA Certificate" and "certificate database and certificate database log" and select the Restore directory (the backup file directory we copied in Windows Server 2003), click Next

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/80/41/wKiom1c8GNGSsnENAACR0-tNlsQ684.png "title=" 040. PNG "alt=" Wkiom1c8gngssnenaacr0-tnlsq684.png "/>

49. Enter the password that you set when you back up the CA in Windows Server 2003. Click Next

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/80/41/wKiom1c8GTGx4PitAACdlutZ-UI933.png "title=" 041. PNG "alt=" Wkiom1c8gtgx4pitaacdlutz-ui933.png "/>

50. Prompts you to successfully complete the Certification Authority Restore Wizard, click Finish

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/80/41/wKiom1c8GTyB5JwhAAB9Iqr7tQ4855.png "title=" 042. PNG "alt=" Wkiom1c8gtyb5jwhaab9iqr7tq4855.png "/>

51. You are prompted that the Certificate Server is not started, start now, point "yes"

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/80/41/wKiom1c8GUih3RDVAAD0IMPze20539.png "title=" 043. PNG "alt=" Wkiom1c8guih3rdvaad0impze20539.png "/>

52. In the certification authority, select the issued certificate to verify that our upgrade was successful. (Two certificates have successfully appeared in the certification authority for Windows 2012.)

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/80/3F/wKioL1c8GkDiVKvzAABzWcwNnxE145.png "title=" 044. PNG "alt=" Wkiol1c8gkdivkvzaabzwcwnnxe145.png "/>

This article is from the "Juck Zhang" blog, please be sure to keep this source http://daodefangxiang.blog.51cto.com/8658374/1774758

Windows Server 2003 CA upgrade to Windows Server ADCS