We are migrating all our on-prem servers to Azure, and planning to migrate our two-tier certificate authority as well.
We have a stand-alone Root CA that is a powered-off VM.
We also have an enterprise subordinate issuing CA VM that is domain-joined.
Our plan is to set up new VMs in Azure and migrate the roles over.
Considering the fact that, security-wise, the Root CA would be in the cloud and exposed compared to the on-prem physical machine, should we change to one tier instead? Is that even an option for our setup? If so, do you know of a step-by-step document?
We would have different names and IPs in Azure, but reading the MS documents, it appears the names and IPs can be different. I just wanted to know if anyone has performed the migration with new names and IPs.
Is there an up-to-date, reliable step-by-step document when it comes to two-tier migration? We can see some older documents that are applicable to the 2012 Server, not newer versions.