This is a simple one-tier setup in a test environment. The old CA and the new CA are both DCs and root CAs. There is no sub CA. Every environment should have multiple sub CAs, so registry keys have to be changed during the migration, and that is covered in this blog.

First, we transferred the FSMO roles from the old CA to the new CA, performed the CA backup, and then shut down the box. Here we don't have any CDP and AIA published through HTTP, and no CAPolicy.inf. If you have CDP and AIA published through HTTP and a CAPolicy.inf, then you need to do a few additional steps.

We created a CNAME for the old server and associated it with the new one after decommissioning the old server, so that the CDP and AIA repository is still recognized after the old server is decommissioned.

Here we are migrating a root CA from Windows Server 2008 R2 to Windows Server 2012 with a different host name.

PKIVIEW.msc on the root CA: all seems OK.

Back up the database and PFX: take the backup from the Certification Authority console. We are taking a backup of the database and the private key (.PFX). Set a password to secure the .PFX.

Registry backup: take the registry backup. After taking the registry backup, remove the CA role from that server and shut down that system.

Copy the backup (database, PFX and registry) to the new CA server.

Install the CA role on the new CA server. We need to use the existing PFX: select the PFX and enter the password.

Restore the database.

Restore the old registry backup onto the new server. After restoring the registry, we need to modify the key below, and we need to modify "ParentCAMachine" on the sub CAs.
The registry keys above need to be changed: put in the new server name.

Setting the CDP permission: use dssite.msc to set these permissions. The AIA and CDP permissions need to be set for the new server.

After rebooting the new CA server, check PKIVIEW.msc; all seems OK.

The steps above are the key steps of the migration, but we also need to consider all the steps below for the root/issuing CAs.
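One way to see which restored values still carry the old server name before editing them, as an added example that is not part of the original post: the PowerShell function below scans the lines of a .reg export and lists every string value that contains the old host name, including values stored as hex-encoded multi-strings. The host names, key path and value names in the sample are constructed; only ParentCAMachine comes from the post.

```powershell
# Added example. Everything in $sample is constructed, except the value name
# ParentCAMachine, which the post mentions.
function Find-OldHostReference {
    param(
        [Parameter(Mandatory)] [string[]] $RegLines,  # lines of a .reg export
        [Parameter(Mandatory)] [string]   $OldHost    # name of the retired CA server
    )
    # .reg exports wrap long hex values with a trailing backslash; re-join them first.
    $text = ($RegLines -join "`n") -replace '\\\r?\n\s*', ''
    $key = $null
    foreach ($line in ($text -split "`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $key = $Matches[1]; continue }
        if ($line -match '^"(?<name>[^"]+)"=(?<raw>.+)$') {
            $name = $Matches['name']
            $raw  = $Matches['raw']
            $data = $null
            if ($raw -match '^"(.*)"$') {
                # REG_SZ: undo the doubled backslashes used inside .reg strings
                $data = $Matches[1] -replace '\\\\', '\'
            } elseif ($raw -match '^hex\((?:2|7)\):(.*)$') {
                # REG_EXPAND_SZ / REG_MULTI_SZ: comma-separated UTF-16LE bytes
                $bytes = [byte[]]@($Matches[1] -split ',' | Where-Object { $_ } |
                    ForEach-Object { [Convert]::ToByte($_, 16) })
                $data = ([Text.Encoding]::Unicode.GetString($bytes) -replace '\x00+', ' ').Trim()
            }   # DWORD and binary values are not inspected
            if ($data -and $data.IndexOf($OldHost, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
            }
        }
    }
}

# Constructed sample export; for a real backup pass (Get-Content <exported .reg file>).
$hex = ([Text.Encoding]::Unicode.GetBytes("ldap:///CN=OLDCA01,CN=CDP`0`0") |
    ForEach-Object { $_.ToString('x2') }) -join ','
$sample = @(
    'Windows Registry Editor Version 5.00'
    '[HKEY_LOCAL_MACHINE\SOFTWARE\Constructed\Sample-CA]'
    '"ExampleServerValue"="oldca01.example.test"'
    '"ParentCAMachine"="OLDCA01.example.test"'
    '"ExampleUrlList"=hex(7):' + $hex.Substring(0, 30) + '\'
    '  ' + $hex.Substring(30)
    '"ExampleUnrelated"="NEWCA01.example.test"'
)
Find-OldHostReference -RegLines $sample -OldHost 'OLDCA01' | Format-Table -AutoSize
```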