
Certificate authority server upgrade - what happens to the CRL?


Hi there,

I'm about to migrate our certificate authority server from Windows 2003 R2 to Windows Server 2012.

I've tested this in the lab and it seems like a pretty straightforward upgrade (build new server, back up cert database and restore to new server, keeping the CA name the same).

However, I'm just curious as to what happens to the CRL distribution points.

For instance, my old CA is server1 and its CRL distribution points are ldap:///CN=MyOrg,CN=server1,.... and URL=http://server1/certenrol/Myorg.crl

So for any certificates generated on server1, they will go to the old URL and LDAP paths for a CRL check.

When I built my new server called server2 and restored the private key and Certificate database.

I generated a cert from server2 and the CRL distribution point is ldap://CN=Myorg,CN=server2.... and I noticed I don't have an HTTP URL in the cert details. So when old certs do a CRL check to server1 and the URL path doesn't exist anymore because the server has been decommissioned, what happens? Will they get errors?

