Thepkiguy, your comment and observation is a giant spot on! All these oversimplified migration guides from MSFT employees, that are simple next-next-finish-YouAreDone, are extremely misleading. An advanced PKI in production needs very careful planning, otherwise you can search for a new job the next week... These blog posts won't reveal such depths, and that's the dangerous part if you read this post.
How about multi-tier PKI? Oopsie, haven't thought about that. How to handle an offline root CA? Hmm, I forgot that. SHA1 to SHA2 key migration? Ooo... And the list goes on and on and on and on and on and on... Hint: there is no recent MSPRESS book about Windows PKI since Brian Komar's 2008 book (yep, 10 yrs old, and doesn't handle many PKI and crypto fundamentals at all, that are required for the Windows admin to even understand what they are doing with that SHA1->SHA2 change etc.)