Forum Discussion
Migrating Certificate Services
I am looking into migrating our Certificate Services running on 2008R2 to 2016. There is no documentation specifically for migrating the role to 2016 here https://docs.microsoft.com/en-us/windows-se...
I am not sure if I would migrate as the Hash and key lenght might need to be changed to be more secure. I know we have moved off of SHA1 to SHA256/512 and our root, Intermediate, & Issuing Keys are 4096, then our client keys are 2048. What I have done in the past is stand up the new environment. Create new Cert Templates and have the new server issue them. Stop issuing from the old servers, then we can make sure all the new certs are being issues from the new environment and then mirgate what we can to the new servers. That is my 2 cents.
I had not thought of that Mike, I will investigate that route. What are your thoughts of doing in place upgrades of the host OS.