i have PKI which 2012R2 , and Ent CA key is also going to expire, Root CA still have 10 years
i wish to follow a industry standard for upgrade windows to 2019, and renew the CA cert,
i wonder any microsoft recommandation for upgrade and renew
should i moving the existing root CA cert , and renew ent CA cert,
or just renew Root CA and Ent CA cert, ]
i want a documentation or article for supporting
thank you