Skype for Business/lync Certificate Resolution (III): Migration of Certificate Servers

Skype for Business/lync Certificate Resolution (III): Migration of Certificate Servers

• Why should I migrate a Certificate Server?

Usually a certificate-related server to perform a system upgrade, such as the original Certificate Services and DCs coexist in a server, now the DC to upgrade to a new version, this time need to migrate Certificate Services to other servers, it is recommended to migrate Certificate Services to a separate certificate Services dedicated virtual machine, no longer coexist with DCs.

• How do I migrate?

The most authoritative step, of course, follows Microsoft's Official guide: https://technet.microsoft.com/zh-cn/library/ee126170 (v=ws.10). aspx. However, too many steps, may see you disoriented, in fact, each enterprise environment is different, not necessarily do not have to follow this guide to complete all the steps, Microsoft this guide is suitable for all scenarios, in most cases, can greatly simplify the following steps, can be simplified to just a few steps in the red box, the time will take about 10 minutes.

650) this.width=650; "height=" 357 "title=" clip_image001 "style=" border:0px; "alt=" clip_image001 "src=" http:/ S3.51cto.com/wyfs02/m00/71/68/wkiom1xnxiptm5aaaaeyja7bziu389.jpg "border=" 0 "/>

Here are some important red boxes to do some instructions, for specific operations please refer to the Microsoft documentation, this does not repeat.

First red box: Back up the CA database and private key:

Why back up the CA's private key, so that the root certificate will not change after migration, if the root certificate has changed, think of many terminals to re-import the root certificate, migration is meaningless.

Why to back up the CA database, in fact, unprepared CA database problems, not as important as the private key, but there is a problem, such as a message certificate to expire, need to renew, if you do not restore the backup, the certification authority does not have records in the certificate must not be renewed, so the backup or restore, Just the registry doesn't have to be restored.

Is the result of the backup:

650) this.width=650; "height=" 121 "title=" clip_image002 "style=" border:0px; "alt=" clip_image002 "src=" http:/ S3.51cto.com/wyfs02/m01/71/68/wkiom1xnxitjctzjaacmbazc2i0894.jpg "border=" 0 "/>

Also note that when you deploy Certificate Services on a new server, you choose to use an existing private key , such as for the previous backup to take effect.

650) this.width=650; "height=" 561 "title=" clip_image003 "style=" border:0px; "alt=" clip_image003 "src=" http:/ S3.51cto.com/wyfs02/m02/71/68/wkiom1xnxixawz_haajuvt3cq5s698.jpg "border=" 0 "/>

650) this.width=650; "height=" 553 "title=" clip_image004 "style=" border:0px; "alt=" clip_image004 "src=" http:/ S3.51cto.com/wyfs02/m00/71/68/wkiom1xnxibjfg64aaibu5pjgqm889.jpg "border=" 0 "/>

This article is from the "FireWire Technology Brothers Blog" blog, please be sure to keep this source http://huoxian.blog.51cto.com/9437529/1684758

Skype for Business/lync Certificate Resolution (III): Migration of Certificate Servers