Migrating Certificate Service From Windows Server 2008 R2 to 2019

You are amazing! thanks for the help. had been decades since I did it and needed a refresher.

Thank you- This video is exceptionally well done and accurate. Awesome!

Excellent. One one can explain like you easily with step-step practical lab. Great !

Very helpful. Just what I was looking for. Thank you.

Thx gonna need this soon upgrading production environments .. I may run this in my lab first 😎

Way to make it look easy. Nice work.

There are some certificates very old more than 5 years. Those certificates does not required for business use. How to delete the expired and revoked certificates from ADCS.

Very precise and good presentation

Thanks for shared the information we us !!!!

Thanks for your great content MSFT WebCast,
I have a question for you. If am migrating a Certification Authority which is integrated with Active Directory, I know that CA read and write from NTDS.DIT. If I do a checkpoint on Hypervisor, and then I have problem in migration, can I revert back to that checkpoint or will I have problem as CA read on NTDS.DIT old data?
Thank you

Question - Since you changed the CA name on the destination server. you should set the permissions on the "Active directory sites and services" for the AIA and CDP with the new server name ?

You can't upgrade from 2008 to 2019 straight tough.
You have to update from 2008 to 2012 before to update the database.

Thank you! Awesome video!

What steps will change, if the server being migrated has its private key stored inside a HSM?

hi all your videos are really helpful and professional .do you have video how to Migrating Shared Folder from Server 2008R2 to Server 2019/2022

Thank you!

How about CRL and AIA information URLs, those are still going to point out to old server name which you uninstalled ADCS role.

Have you ever done any PKI Migrations ? If yes do you have 2 tier migration. 1 offline root CA and 2 issuing CA's and 2 web enrollment servers and a AD. These certs are used only for internal purpose.

Can we do an in place upgrade of 2008 Certificate Authority to 2019 on the same box?

Great~!

Shown method didn't worked for me in two tire CA environment. Could you please provide more details on this

This worked great thanks!

Super video ! Merci

Does anyone know if certificates are already handed out, when you uninstall the roles from the original server, will that cause any downtime of the current certs?

Nice video, good to know. But we rather build new from scrath in our case. (more hope we can run an old hyper-v installation on 2019 instead)

Quick question...Once you move to the new CA Server, will AD automatically update the certs to the machines and say network appliances? Or will that need to be done manually?

Can we apply the same in 2012R2 to 2019 ?

Should I also change the "WebClientCAMachine" ?

how would this process differ if you have both a Root CA and a Sub CA?

Hi there! When I'm trying to backup CA from winsrv 2008r2 im getting this message: 'Windows cannot back up one or more private keys because the CSP does not support key export. Do you want to continue and back up only the private keys thac can be exported?".
Maybe somebody could give me advice on what to do with this error and what could be the consequences if you backup only private keys that can be exported? Thanks!

Good

nice video

Hello,
my CA has 1024 bit RSA encryption. How to renew for 2048?

What CA migration is this? ROOT or Enterprise?

how can we keep the same CA server name as the old one?

okk

What steps will change, if the server being migrated has its private key stored inside a HSM?