Migrate CA clients to new PKI platform

  • Question

  • Hi There,

    We are planning to build a new PKI environment (ADCS) as part of a VPN project, which has additional requirements on PKI that are not satisfied by our current platform, and it's running on 2008R2. The current PKI environment issues machine certificates to Win10 clients and servers. These Win10 clients use the computer certificate to connect to Wi-Fi and DirectAccess services. The new PKI platform will be built in the same Active Directory domain where the current PKI platform exists. I am looking for an approach to migrate clients and servers to the new PKI platform without any impact. Also, one question related to impact:

    • Once the new PKI platform is ready, I issue certificates (computer) from the new CA servers. There will be a period where computers have certificates from both the old and new PKI environments. Will there be any impact on clients having two computer certificates authenticating to Wi-Fi or DirectAccess services? Or, since these PKI platforms are part of the same AD domain, will a certificate, although issued by a different CA server, be honored by another CA? Example: a client having a certificate issued by the new PKI platform authenticating to an NPS server (service) for Wi-Fi connectivity, which has a certificate issued by the old PKI attached in the NPS service, or vice versa.
    • Recommendation for safe migration in this context

    Thanks in advance



    Friday, August 23, 2019 3:19 PM
