Hi guys,
Our root certificate expires next year and we need to renew it ahead of time. It is currently running as an enterprise domain-based CA on Server 2003 R2. It is also on a domain controller (not my fault!!).
I'm trying to understand the effects of renewing the certificate. The process seems easy enough - but I don't want to do it and then find we start having issues. The environment was set up years ago by old staff members so I'm not totally clued up on what they did. We have laptops, DCs, servers, ACS boxes, and ASA firewalls with certificates on so need to understand what I'll need to change after the renewal. In my head the laptops, DCs and servers will pick up automatically from AD when they need new certificates, and the other boxes I'll need to manually create new certificates for and apply. Does that sound right? Is there anything else I need to think about?
The other factor is - at some point I need to move off the DC, and move the whole thing to Server 2008 R2. Is this the right time to do this now if I'm having to reissue all certificates anyway? Is it possible to create a second CA with a separate root certificate and roll that out alongside the existing one, before decommissioning the 2003 CA once everything has a 2008 cert? Not sure if that's possible?
Suggestions or advice much appreciated!
Cheers
Pete