question

Suhasini asked DaisyZhou-MSFT commented

certificate renewal from new CA server

We have a new CA server deployed side by side with the old CA server.
Currently we have some server certificates issued by the old CA server in production.
I want to know if there is a cleaner way to issue a new certificate from the new CA server to an existing server\computer currently using a certificate from the old CA.

The goal is to have minimum downtime.

windows-server

Hello @Suhasini,

I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this post, please let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.



1 Answer

DaisyZhou-MSFT answered

Hello @Suhasini,

Thank you for posting here.

Here is the answer for your reference.

Q: Is there a cleaner way to issue a new certificate from the new CA server to an existing server\computer currently using a certificate from the old CA?
A: Based on the description, the new CA server and the old CA server are in the same domain.

Please refer to the steps below.

1. Please give the Read and Enroll permissions to the existing servers\computers (this should already be done, because you have issued certificates to these servers\computers from the old CA).

For example:

118886-cert1.png

2. Please issue the same certificate template to the new CA server.
Log on to the new CA server with a domain Administrator account and open Certification Authority. Right-click the Certificate Template container -> New -> Certificate Template to Issue.

For example:
118965-cert2.png

3. Log on to the server\computer using an Administrator account (local admin or domain Admin) and issue a new certificate from the new CA server (I assume you want to issue a machine certificate).

4. Type certlm.msc and press Enter.

5. Right-click the Certificates under Personal -> right-click Certificates -> All Tasks -> Request New Certificate -> Next -> Next -> select the new CA server as below.

118919-cert3.png

118887-cert4.png


Hope the information above is helpful to you.

Should you have any questions or concerns, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
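
A scripted equivalent of steps 3 to 5 in the answer above, added here as an example and not part of the original answer: it uses certreq.exe with -config to send the request to the new CA explicitly, then lists the machine store so the old and new certificates can be compared by issuer before any service is rebound. The CA config string and the template name are assumed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Values marked "assumed" are placeholders, not taken from the thread.
$CaConfig = 'NEWCA01.corp.example\Corp-New-CA'  # assumed: "<CA host>\<CA common name>" of the new CA
$Template = 'Machine'                           # assumed: template published on the new CA in step 2
$Fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$Work     = Join-Path $env:TEMP ('newca-' + (Get-Date -Format 'yyyyMMddHHmmss'))
New-Item -ItemType Directory -Path $Work | Out-Null

# Request definition: key generated in the machine store, private key not exportable.
# If the template builds the subject from Active Directory, the CN given here is ignored.
@"
[NewRequest]
Subject = "CN=$Fqdn"
MachineKeySet = TRUE
KeyLength = 2048
Exportable = FALSE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path "$Work\request.inf" -Encoding ASCII

function Invoke-CertReq {
    # Run certreq.exe and stop on the first failure so a half-finished request is noticed.
    param([string[]]$Arguments)
    & certreq.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "certreq $($Arguments[0]) failed with exit code $LASTEXITCODE" }
}

Invoke-CertReq @('-new', "$Work\request.inf", "$Work\request.req")
# -config sends the request to the new CA instead of letting enrollment choose one.
Invoke-CertReq @('-submit', '-config', $CaConfig, "$Work\request.req", "$Work\issued.cer")
if (-not (Test-Path "$Work\issued.cer")) {
    throw 'No certificate returned; the request may be pending approval on the CA.'
}
Invoke-CertReq @('-accept', '-machine', "$Work\issued.cer")

# Old and new certificates now sit side by side in LocalMachine\My; compare issuers
# before rebinding any service to the new thumbprint.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$Fqdn*" -or $_.DnsNameList.Unicode -contains $Fqdn } |
    Sort-Object NotBefore |
    Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
```

Enrolling this way does not remove or replace the certificate issued by the old CA, so services keep using it until their binding is changed to the new thumbprint.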


