Archive for the ‘certutil’ Category

"Rip and Replace" certificate services from Windows Server 2003 to 2008

September 29th, 2008 Comments off

Is it possible to migrate a Windows Server 2003 based Certification Authority to Windows Server 2008?

The answer is yes but you need all detailes in the Active Directory Certificate Services Upgrade and Migration Guide from Microsoft found at

The short answer would be that you need to performe the following steps:

  1. Backup your existing CA using the certutil -backup command
  2. Install the new Windows Server 2008 CA with the same name as the replaced server
  3. Add the ADCS role and import the CA-certificate from the backup
  4. Upgrade the templates to WS2008
  5. Restore the old CA database using the certutil -restore  command



Categories: ADCS, certutil, Security, Windows Server 2008 Tags: