Is it possible to retain the same Challenge Password for MSCEP when you migrate a CA? RRS feed

  • Question

  • Hi,

    I am looking to migrate my CA from a Server 2008 R2 VM to a Server 2012 R2 VM.

    I have found a procedure to do this on the MS site which I have tested and am happy with apart from one detail.

    Migrating the CA is straight-forward, but because I then have to install NDES separately, the enrollment challenge password changes.

    This makes sense to me really, it's a new install so it stands to reason that a new PW would be generated.

    I'm just wondering if there is a way round this so my new server uses the same PW as the old one?

    We have a lot of devices that use this challenge PW to acquire certificates, it would be nifty if this password stayed the same.

    I'm pretty confident the answer is no, but worth an ask anyway.

    Tuesday, October 16, 2018 12:42 PM

All replies

  • Sure. It would be nifty, but bad security practice. You should have a policy for password properties like age, length and complexity. The re installation in this case would be a great time to change the password. 


    Monday, December 31, 2018 12:16 PM