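Tags: windows, migration, ca, ad, certificate migration
As mentioned in a previous article, WS2003 is about to reach end of support, so migration projects are becoming more common. CA migration is especially important. Given the jump from Windows Server 2003 to Windows Server 2012 R2, whether or not to rename the server is a question that has to be considered in every real migration. (Because a CA often coexists with other services, it is very likely that a rename migration will be needed.)
This article covers only the rename migration of a single root CA. There are quite a few steps, and carrying them out takes enough patience and care to avoid problems.
1. First, back up the CA configuration on the source server. The backup directory is C:\CABackup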
2. Back up the certificate templates. The backup file also goes in C:\CAbackup
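3. Back up the CA registry information. The CA service must be stopped for this backup. The backup file is likewise placed under C:\CAbackup. Registry path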
4. Back up the signature algorithm and CSP information
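5. Back up the AIA and CRL configuration of the source CA. Especially when there are custom CRL distribution points, record which options are checked for each location.
In the lab environment, the checked properties of the distribution points and access points are basically left at their defaults. In a real environment, however, this still needs to be recorded.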
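6. Some environments also involve a certificate policy. If one exists, back up the CAPolicy.inf file under %SystemRoot%.
Normally this is C:\WINDOWS\CAPolicy.inf.
It is best to enable the display of system files and hidden files and search drive C: to confirm where the file is.
7. After all backups are complete, remove the CA role on the source CA server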
This completes the backup of the source CA server. The next step is to prepare the target CA server.
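Steps 1 through 6 above can also be captured from the command line, which leaves a text record of each setting alongside the backup. The script below is an added example, not part of the original article; it assumes an enterprise CA, the output file names are made up for illustration, and the registry key is the standard AD CS configuration key rather than a value taken from the page text.

```bat
@echo off
rem Added example: command-line backup of the source CA (steps 1-6).
rem Run in an administrator cmd.exe on the source CA, before removing the role.
setlocal
set "BACKUP=C:\CABackup"
rem Assumption: standard AD CS configuration key (not given in the page text).
set "CAKEY=HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration"

if not exist "%BACKUP%" mkdir "%BACKUP%"

rem Step 1: database, then CA certificate and private key. certutil prompts
rem for the password that protects the .p12. The CA service is still running.
certutil -backupdb "%BACKUP%" || goto :fail
certutil -backupkey "%BACKUP%" || goto :fail

rem Step 2: list of templates this CA issues (enterprise CA only).
certutil -catemplates > "%BACKUP%\catemplates.txt" || goto :fail

rem Step 3: stop the service so nothing is issued after the backup,
rem then export the CA registry configuration.
net stop certsvc || goto :fail
reg export "%CAKEY%" "%BACKUP%\CAregistry.reg" || goto :fail

rem Step 4: CSP and signature hash algorithm settings.
certutil -getreg CA\CSP\* > "%BACKUP%\csp.txt" || goto :fail

rem Step 5: CRL distribution point and AIA URLs with their option flags.
certutil -getreg CA\CRLPublicationURLs > "%BACKUP%\crl-urls.txt" || goto :fail
certutil -getreg CA\CACertPublicationURLs > "%BACKUP%\aia-urls.txt" || goto :fail

rem Step 6: certificate policy file, only if this CA uses one.
if exist "%SystemRoot%\CAPolicy.inf" copy "%SystemRoot%\CAPolicy.inf" "%BACKUP%\" >nul

echo Backup complete:
dir /s /b "%BACKUP%"
exit /b 0

:fail
echo Backup step failed; do not remove the CA role. 1>&2
exit /b 1
```

The .p12 file written in step 1 contains the CA private key, so protect it with a strong password and move the backup folder to access-controlled storage rather than leaving it on the decommissioned server.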
This article is from the “卡斯特梅的雨季” blog; please be sure to keep this attribution: http://sodaxu.blog.51cto.com/8850288/1426503