Windows CA Migration Part1. Backing up the source CA

Source: Internet
Author: User
Tags cas

in the previous article it was mentioned that WS2003 was about to stop supporting, so the migrated projects began to get more. The migration of CAS is particularly important. The span of migration from Windows Server 2003 to Windows Server R2 is renamed or not renamed. The actual migration scenario is an issue that needs to be considered. (because CAs often coexist with other services, it is highly likely that a change of name is required.) )

This article only describes the single root CA renamed migration, the steps are more, the actual operation of the process requires sufficient patience and careful to ensure that no problem.

1. First back up the source server CA settings: Backup directory is C:\CABackup

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201406/15/8850288_14027986477Kf7.png "height=" 575 "/>

650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://img1.51cto.com/attachment/201406/15/8850288_1402798647mEm0.jpg" height= "453"/>

650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://img1.51cto.com/attachment/201406/15/8850288_140279864817Mp.jpg" height= "451"/>

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798648jrc7.png "height=" 218 "/>650) this.width=650;" Title= " clip_image012 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px;padding-top:0px; padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" clip_image012 "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798648hdko.jpg "height=" 225 "/>

2. Backup certificate Template: Backup files are also put in C:\CAbackup.

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201406/15/8850288_1402798649NYgO.png "height=" 539 "/>

3. Back up the CA registry information and need to stop the CA service when backing up. The backup file is also placed under C:\CAbackup, and the registry path

650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://img1.51cto.com/attachment/201406/15/8850288_14027986496r4S.jpg" height= "247"/>

650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image018 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798650Vit8.jpg "height=" 518 "/>

4. Backup Signature Algorithm and CSP information

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798650rwbd.png "height=" 369 "/>

5. Backup the AIA and CRL configuration information for the source CA. In particular, when you have a custom CRL distribution point, remember the setting location that is checked below.

In the lab environment, the tick properties of distribution points and access points remain essentially the default. But this is something that needs to be remembered in the real world.

650) this.width=650; "title=" image "style=" Border-top:0px;border-right:0px;background-image:none;border-bottom : 0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src="/HTTP/ Img1.51cto.com/attachment/201406/15/8850288_1402798650sbep.png "height=" 362 "/>650) this.width=650;" Title= " Image "Style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px;padding-top:0px; padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http://img1.51cto.com/attachment /201406/15/8850288_1402798651dlxg.png "height=" 364 "/>

650) this.width=650; "title=" clip_image026 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image026 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798651TZdN.jpg "height=" 352 "/> 650) this.width=650, "title=" clip_image028 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image028 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652yva8.jpg "height=" 353 "/>

650) this.width=650; "title=" clip_image030 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image030 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652Qa6W.jpg "height=" 343 "/> 650) this.width=650, "title=" clip_image032 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image032 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652Zvhl.jpg "height=" 345 "/>

650) this.width=650; "title=" clip_image034 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image034 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798653Fm4E.jpg "height=" 333 "/> 650) this.width=650, "title=" clip_image036 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image036 "src=" http://img1.51cto.com/attachment/201406/15/8850288_14027986531GVE.jpg "height=" 338 "/>

6, in some environments will also involve the certificate policy, if there is a certificate policy, you should back up the CAPolicy.inf file under%systemroot%.

In general, it is C:\WINDOWS\CAPolicy.inf.

It is better to open the display system files and hidden files, in the C disk search. Make sure the file location.

7. After all backups have been completed, remove the CA role from the source CA server

650) this.width=650; "title=" clip_image002[7] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "Clip_image002[7]" src= "http://img1.51cto.com/attachment/201406/15/8850288_1402798654CbAu.jpg" height= "350"/ >

At this point, the backup of the source CA server is done. Next, start preparing the target CA server.

This article is from the "Castamere Rainy season" blog, be sure to keep this source http://sodaxu.blog.51cto.com/8850288/1426503

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.