ADCS Migration Windows Certification Authority

12 April 2020 By Rached CHADER

Migrating a Windows certification authority to a server with a different name

On the ‘Source’ server, open the certificate services management console.

Right-click the CA name => All Tasks => Back up CA.

The backup wizard opens. Check both options.

Select a backup location => Next.

Set a password, Next => Finish.

We now need to make a backup of the registry key that contains the information for this CA server. Run ‘regedit’.

Export a copy of this registry key, which is found at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\{Name of your CA}

We must now uninstall the CA service from this server.

Go to Server Manager => Manage => Remove Roles and Features => Next.

Remove all CA role services first!

Run the wizard again and select “Active Directory Certificate Services” => In the pop-up window, select “Remove Features” => Next.

Install the certificate service on the new server

On the new server, go to Server Manager => Add Roles and Features => Next.

Select “Active Directory Certificate Services” => Add Features => Next.

Next => Close.

Configure the certificate service on the new server

Next => Enterprise Certification Authority => Root Certification Authority => Next.

Select ‘Use existing private key’ => Select ‘Select a certificate and use its associated private key’ => Next.

Import => Browse => In your backup folder locate the certificate => Enter the password => OK => Select the certificate => Next.

Leave everything else at its default.

Once the installation is finished, you will have to stop the certificate services.

From a command prompt in administrator mode, type: net stop certsvc

If your new server has a different host name / FQDN, open the registry file you exported above with Notepad, locate the CAServerName entry and replace its value with the name of the NEW server.

Right click on the registry backup => Merge => Yes => OK.

Launch the certificate services management console => Right-click the name of the certification authority => All Tasks => Restore CA.

The restore wizard starts => Next => Navigate to the folder with your backup => Next => Enter the password you used => Next => Finish.

Once complete, you will be prompted to start the Certificate Services service => Yes.

Your CA has been migrated. You can request a certificate to check that everything works.
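
A scripted version of the CAServerName edit and registry merge described above, as an added example that is not part of the original post. The function name, the CA name and the C:\CABackup paths are placeholders; run it elevated on the new server after installing the role and before restoring the CA.

```powershell
# Added example: patch CAServerName in the exported .reg file, then merge it.
function Set-CAServerNameInRegFile {
    param(
        [Parameter(Mandatory)] [string] $Path,         # .reg file exported on the source server
        [Parameter(Mandatory)] [string] $Destination,  # patched copy; the export stays untouched
        [Parameter(Mandatory)] [string] $NewServerName
    )
    $pattern = '^"CAServerName"="(.*)"$'
    $lines   = Get-Content -LiteralPath $Path          # regedit exports are UTF-16 LE with a BOM
    $hits    = @($lines | Where-Object { $_ -match $pattern })
    if ($hits.Count -ne 1) {
        throw "Expected exactly one CAServerName entry in $Path, found $($hits.Count)."
    }
    $oldName = [regex]::Match($hits[0], $pattern).Groups[1].Value
    $patched = $lines | ForEach-Object {
        if ($_ -match $pattern) { '"CAServerName"="{0}"' -f $NewServerName } else { $_ }
    }
    # Write the copy in the same encoding the export used.
    Set-Content -LiteralPath $Destination -Value $patched -Encoding Unicode
    [pscustomobject]@{ OldName = $oldName; NewName = $NewServerName; File = $Destination }
}

$CaName  = 'Example-Root-CA'                        # placeholder: your CA name
$RegFile = 'C:\CABackup\ca-config.reg'              # placeholder: export from the source server
$NewFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

Stop-Service -Name certsvc                          # same as: net stop certsvc

$result = Set-CAServerNameInRegFile -Path $RegFile `
    -Destination 'C:\CABackup\ca-config.newhost.reg' -NewServerName $NewFqdn
$result | Format-List

# Sanity check: only the CAServerName line may differ from the original export.
$diff = @(Compare-Object (Get-Content -LiteralPath $RegFile) (Get-Content -LiteralPath $result.File))
if ($diff.Count -gt 2) { throw 'Patched .reg file differs in more than the CAServerName line.' }

reg.exe import $result.File                         # same as: right-click => Merge
if ($LASTEXITCODE -ne 0) { throw 'reg import failed.' }

# Confirm the merged value before running the restore wizard.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CaName"
(Get-ItemProperty -Path $key -Name CAServerName).CAServerName
```

The backup folder holds the CA private key (password-protected) and the registry export, so remove both from the servers once the migrated CA is verified.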
