Our internal CA is installed on one of our Exchange servers. Exchange is being migrated from 2010 to 2013, so all current Exchange servers will be decommissioned and replaced with new Hyper-V VMs with either Server 2008 R2 or 2012 R2 OS. The old VM containing Exchange 2010 and the current CA will go away since we cannot afford to use the server resources and use up the required Windows license to keep that server running doing nothing but acting as a CA.
So, we will either need to move the CA to the new replacement Exchange 2013 server or some other existing server that's being used for something else (maybe one of the domain controllers).
What is the best way to handle this? I don't think the migration from Exchange 2010 to 2013 allows for reusing the same host name on the replacement server, and if we move the CA to another existing server, it will also be on a server with a new host name anyway.
Can we migrate the CA to a new server with a different host name?
What about reissuing all the active certificates from the current server to replace them with new certificates from the new server and then decommissioning the original CA? Can this be automated in some way?
Which way is best and how would it be done?