Enterprise Certificate Authority crashed

i have a windows server 2008 Certificate server that crashed and need to know how to introduce an new cert server in the enterprise without causing any problems. can this be done?



absolutely no problem.

Look at section 6 for removing old CA: http://support.microsoft.com/kb/889250
And just install a new CA besides the old (or chrashed one).
Please do a proper job planning new CA;
https://aaronwalrath.wordpress.com/2010/04/16/install-an-enterprise-certificate-authority-in-windows-2008-r2/
https://www.youtube.com/watch?v=ihhkhldofmU
http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
https://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx



absolutely no problem.

Look at section 6 for removing old CA: http://support.microsoft.com/kb/889250
And just install a new CA besides the old (or chrashed one).
Please do a proper job planning new CA;
https://aaronwalrath.wordpress.com/2010/04/16/install-an-enterprise-certificate-authority-in-windows-2008-r2/
https://www.youtube.com/watch?v=ihhkhldofmU
http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
https://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx



I'm assuming this was an Enterprise Root CA??

Do you want clients to be able to use their existing certs? If so, you'll need to treat this as a DR exercise.
http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-the-active-directory-certificate-services-adcs.aspx

If you don't mind having to reinstall certs everywhere (basically starting your PKI from scratch) just install a new CA, as Jakob said.



thank you guys. my only concern is when i remove these objects from the AD schema will it create an issue before i stand up another cert server?

thanks
John



not at all..... When migrating from 32-bit Win2003 CA server to new 64-bit 2008/2012 I always have at least 2 different Enterprise CA servers in the domain. Absolutely no issues



Thank you guys; the information was most helpful

Share this

Related Posts

There was an error in this gadget