Windows CA Migration part4. Verifying the target CA

In the previous three sections, the CA server on WS2003 has been completely migrated to a different name WS2012R2, and the following will begin to verify the capabilities of the CA.

1. Verify some history of the source CA and whether the issuance records were imported successfully. No problem.

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201406/15/8850288_1402803008Awnd.png "height=" 307 "/>

2. Verify that you can apply for a new certificate or renew your old certificate. No problem.

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402803008cb06.png "height=" 284 "/>

650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image002 "src=" http://img1.51cto.com/attachment/201406/15/8850288_1402803009P8zw.jpg "height=" 446 "/>

3, verify the Enterprise PKI in the various locations. There may be one or two forks, and a fork will be used to republish the distribution point using CERTUTIL–CRL.

Re-refresh will generally solve the problem.

If it is still a fork, it indicates that there is a problem with the previous CRL and AIA location modification, then follow the wrong entry to recheck and modify its location, or write the path in the form of replacing the NetBIOS name and FQDN.

650) this.width=650; "title=" image "style=" border-top:0px;border-right:0px;background-image:none;border-bottom:0 px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px; "border=" 0 "alt=" image "src=" http:// Img1.51cto.com/attachment/201406/15/8850288_1402803009az3n.png "height="/>

& #160;

At this point, the CA migration process is all over. This is only a single CA migration process, the environment is relatively simple.

It is much more complex if you are involved in a multi-CA environment (root ca+ subordinate CAs). (and then come and write it)

Microsoft Official guide to CA migration: Because only English version, this article is equivalent to do a translation of it. If there are omissions, please do not hesitate to enlighten.

http://technet.microsoft.com/zh-cn/library/dn486797

This article is from the "Castamere Rainy season" blog, be sure to keep this source http://sodaxu.blog.51cto.com/8850288/1426541