Hey I going to migrate Stand-alone CA (1 level) from 2003 to 2008 (2 level). I tested this solution and doing this in this way: 1. Backup 2003 CA 2. Restore this in 2008 Std Stand-alone root CS (all certificates are view in proper place - issued, revoked etc.) 3. Installed 2008 Ent Enterprise subordinate CS and first question here 3.a) should I choose 'Create a new private key' or choose existing? 3.b) the name of this CS should be the same as Stand-alone root CS or I can type different name? 4. On training purpouse I choose new key and different name, and finished installation with getting certificate sign from Stand-alone root CS. But I'm wondering because on subordinate CS I don't see any certificates which are on stand-alone CS. It is normal situation and certificates issued by the subordinate CS will match to this which are already issued by old CA? Also already issued certificates will not stop working after that migration?

Hi, To migrate CA from Windows Server 2003 to Windows Server 2008, you can refer to this ADCS migration guide: Active Directory Certificate Services Upgrade and Migration Guide http://technet.microsoft.com/en-us/library/cc742515(v=ws.10).aspx Regarding your questions about creating a new private key and typing different name, you need to do that and request a certificate from Root CA. The subordinate CA cannot be used until it has been issued a root CA certificate and this certificate has been used to complete the installation of the subordinate CA. For more information, please refer to: Install a Subordinate Certification Authority http://technet.microsoft.com/en-us/library/cc772192(v=ws.10).aspx Active Directory Certificate Services Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc772393(v=ws.10).aspx Hope this helps. Regards, Bruce

Is there possibility to migrate CA from that scenario: Now: 1. 2003Std CA Ent root to 1. 2008Std CA Stand-alone root - which will be turn off after issue certificate for subordinate CA 2. 2008Ent CA Ent subordinate ?

Hi, Yes, Migrating from Windows Server 2003 Enterprise to Windows Server 2008 stand-alone is supported. Please refer to the Supported migrations section in the following article: Planning the Upgrade or Migration http://technet.microsoft.com/en-us/library/cc742466(v=ws.10).aspx After migration, you can create Windows Server 2008 Enterprise Subordinate CA according to the articles in my first reply. Regards, Bruce