Hello,
We have a CA role installed on one of the windows 2008 server. We are planning to move this Certificate Authority role to another server as the existing server is going to be decommissioned soon.
Currently we have only one CA server (Single tier, both root and issuing authority) in the domain. This CA issues certificates to Domain Controller via autoenroll and other certificates are issued manually by requesting. These certificates are installed in Lync and few other servers.
I am aware of the steps mentioned in technet about moving the CA role to another server.
http://technet.microsoft.com/en-us/library/cc755153(v=ws.10).aspx
Once role is moved, do I need to reissue the certificates because the CRL mentioned in the existing certificate still points to the old server? or how do I ensure old certificates still works even thogh role is moved to another server. Also I would like to know how do I performe proper impact analysis like what all the certificates issued and as-is set-up of the CA.
Mahesh