Windows CA Migration Part1. Backing up the source CA

in the previous article it was mentioned that WS2003 was about to stop supporting, so the migrated projects began to get more. The migration of CAS is particularly important. The span of migration from Windows Server 2003 to Windows Server R2 is renamed or not renamed. The actual migration scenario is an issue that needs to be considered. (because CAs often coexist with other services, it is highly likely that a change of name is required.) )

This article only describes the single root CA renamed migration, the steps are more, the actual operation of the process requires sufficient patience and careful to ensure that no problem.

1. First back up the source server CA settings: Backup directory is C:\CABackup

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201406/15/8850288_14027986477Kf7.png "height=" 575 "/>

650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://img1.51cto.com/attachment/201406/15/8850288_1402798647mEm0.jpg" height= "453"/>

650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://img1.51cto.com/attachment/201406/15/8850288_140279864817Mp.jpg" height= "451"/>

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798648jrc7.png "height=" 218 "/>650) this.width=650;" Title= " clip_image012 "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px;padding-top:0px; padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" clip_image012 "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798648hdko.jpg "height=" 225 "/>

2. Backup certificate Template: Backup files are also put in C:\CAbackup.

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201406/15/8850288_1402798649NYgO.png "height=" 539 "/>

3. Back up the CA registry information and need to stop the CA service when backing up. The backup file is also placed under C:\CAbackup, and the registry path

650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://img1.51cto.com/attachment/201406/15/8850288_14027986496r4S.jpg" height= "247"/>

650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image018 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798650Vit8.jpg "height=" 518 "/>

4. Backup Signature Algorithm and CSP information

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402798650rwbd.png "height=" 369 "/>

5. Backup the AIA and CRL configuration information for the source CA. In particular, when you have a custom CRL distribution point, remember the setting location that is checked below.

In the lab environment, the tick properties of distribution points and access points remain essentially the default. But this is something that needs to be remembered in the real world.

650) this.width=650; "title=" image "style=" Border-top:0px;border-right:0px;background-image:none;border-bottom : 0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src="/HTTP/ Img1.51cto.com/attachment/201406/15/8850288_1402798650sbep.png "height=" 362 "/>650) this.width=650;" Title= " Image "Style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0px;padding-top:0px; padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http://img1.51cto.com/attachment /201406/15/8850288_1402798651dlxg.png "height=" 364 "/>

650) this.width=650; "title=" clip_image026 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image026 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798651TZdN.jpg "height=" 352 "/> 650) this.width=650, "title=" clip_image028 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image028 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652yva8.jpg "height=" 353 "/>

650) this.width=650; "title=" clip_image030 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image030 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652Qa6W.jpg "height=" 343 "/> 650) this.width=650, "title=" clip_image032 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image032 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798652Zvhl.jpg "height=" 345 "/>

650) this.width=650; "title=" clip_image034 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image034 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402798653Fm4E.jpg "height=" 333 "/> 650) this.width=650, "title=" clip_image036 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image036 "src=" http://img1.51cto.com/attachment/201406/15/8850288_14027986531GVE.jpg "height=" 338 "/>

6, in some environments will also involve the certificate policy, if there is a certificate policy, you should back up the CAPolicy.inf file under%systemroot%.

In general, it is C:\WINDOWS\CAPolicy.inf.

It is better to open the display system files and hidden files, in the C disk search. Make sure the file location.

7. After all backups have been completed, remove the CA role from the source CA server

650) this.width=650; "title=" clip_image002[7] "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "Clip_image002[7]" src= "http://img1.51cto.com/attachment/201406/15/8850288_1402798654CbAu.jpg" height= "350"/ >

At this point, the backup of the source CA server is done. Next, start preparing the target CA server.

This article is from the "Castamere Rainy season" blog, be sure to keep this source http://sodaxu.blog.51cto.com/8850288/1426503