Migrating Certificate Service From Windows Server 2008 R2 to 2019

There are some certificates very old more than 5 years. Those certificates does not required for business use. How to delete the expired and revoked certificates from ADCS.

You can't upgrade from 2008 to 2019 straight tough.
You have to update from 2008 to 2012 before to update the database.

Thanks for your great content MSFT WebCast,
I have a question for you. If am migrating a Certification Authority which is integrated with Active Directory, I know that CA read and write from NTDS.DIT. If I do a checkpoint on Hypervisor, and then I have problem in migration, can I revert back to that checkpoint or will I have problem as CA read on NTDS.DIT old data?
Thank you

What steps will change, if the server being migrated has its private key stored inside a HSM?

Thank you- This video is exceptionally well done and accurate. Awesome!

Very helpful. Just what I was looking for. Thank you.

Question - Since you changed the CA name on the destination server. you should set the permissions on the "Active directory sites and services" for the AIA and CDP with the new server name ?

You are amazing! thanks for the help. had been decades since I did it and needed a refresher.

Thx gonna need this soon upgrading production environments .. I may run this in my lab first 😎

Shown method didn't worked for me in two tire CA environment. Could you please provide more details on this

How about CRL and AIA information URLs, those are still going to point out to old server name which you uninstalled ADCS role.

Have you ever done any PKI Migrations ? If yes do you have 2 tier migration. 1 offline root CA and 2 issuing CA's and 2 web enrollment servers and a AD. These certs are used only for internal purpose.

Thanks for shared the information we us !!!!

Can we do an in place upgrade of 2008 Certificate Authority to 2019 on the same box?

hi all your videos are really helpful and professional .do you have video how to Migrating Shared Folder from Server 2008R2 to Server 2019/2022

Way to make it look easy. Nice work.

Thank you!

What steps will change, if the server being migrated has its private key stored inside a HSM?

Excellent. One one can explain like you easily with step-step practical lab. Great !

Very precise and good presentation

Does anyone know if certificates are already handed out, when you uninstall the roles from the original server, will that cause any downtime of the current certs?

Hi there! When I'm trying to backup CA from winsrv 2008r2 im getting this message: 'Windows cannot back up one or more private keys because the CSP does not support key export. Do you want to continue and back up only the private keys thac can be exported?".
Maybe somebody could give me advice on what to do with this error and what could be the consequences if you backup only private keys that can be exported? Thanks!

Quick question...Once you move to the new CA Server, will AD automatically update the certs to the machines and say network appliances? Or will that need to be done manually?

Nice video, good to know. But we rather build new from scrath in our case. (more hope we can run an old hyper-v installation on 2019 instead)

Great~!

Can we apply the same in 2012R2 to 2019 ?

how would this process differ if you have both a Root CA and a Sub CA?

Thank you! Awesome video!

This worked great thanks!

Should I also change the "WebClientCAMachine" ?

Hello,
my CA has 1024 bit RSA encryption. How to renew for 2048?

What CA migration is this? ROOT or Enterprise?

Super video ! Merci

okk

Good

how can we keep the same CA server name as the old one?

nice video