Channel: Security forum

Advice on tidying up a PKI inf on domain

Background: RootCA set up (not by me) 5 years ago on a 2003 server and a subordinate RootCA on a 2008R2 server a year ago (on a DC). Required to retire the 2003 server (and conveniently its CA cert is about to expire).

Between the 2 servers there are some Domain Controller, Domain Controller Authentication, Directory Email Replication, Basic EFS and some manually requested certificates.

I know I can migrate the RootCA to another server but I don't really want to carry the old RootCA name as it refers to 2003!

Can I set up another independent RootCA to run in parallel with the old one and let the old CA cert expire?
I am fine with re-requesting the manually requested certs from the new RootCA, but will the Domain Controller, Basic EFS certs and all the others I listed above automatically get a new cert from the new CA?

Once I was happy with the new RootCA functioning, I would carry out the cleanup routine on both the old RootCA and subordinate as in:
http://support.microsoft.com/kb/889250

Anything else I should be wary of?

