Migrate Root Certificate Authority from WS2003 to WS2016


  • Hello everybody !

    Our root certificate authority is still hosted on a 2003 server. And the CA certificate is still in SHA1.

    So I want to migrate to a new 2016 server, and to migrate the algorithm from SHA1 to SHA2.

    My Root Certificate authority is on a domain-member 2003 server, but with the certificate services stopped.

    Root Certificate Authority

    And we have an online sub CA in 2012.

    What is the best migration strategy ? First migrate to a new server and then migrate to sha2 ? Or the inverse ?

    Today our root CA is a domain-member. Can we migrate to a standalone server to respect the best practices ?

    Friday, May 11, 2018 8:13 AM

All replies