Hello,
I have a RootCA running Windows 2003 ENT SP2 and I made an upgrade to a new machine (newer HW) and Windows 2008 R2. The original rootCA was configured with an HSM, so the backup CA is not an option for me since the keys cannot be exported (I don't have a .p12 file).
I exported the HSM settings together with the keys (HSM vendor's procedure) and during the CA setup wizard, I select the option "Use existing private key" and then "Select an existing private key on this computer". Then I click on "edit", select the correct CSP (the one from the HSM) and click on "Search". The private key appears immediately, I select it and I keep going with the installation. It all goes smoothly and CA services are correctly installed.
The problem is that the SKI of the new CA certificate does not match with the SKI of the original CA certificate, it is changed somehow during the installation.
I have performed the same test, but migrating to another Windows 2003 server, and the SKI is kept exactly the same, there is no difference (maybe the way the SKI is generated is different from Windows 2003 to 2008).
My applications communicate with each other using this SKI; replacing it everywhere is something that I don't want to consider.
Does somebody know if it is possible to force this setting to be kept?
Thanks in advance
Best regards