I'm trying to migrate a subordinate CA to a new server, but I'm running into some major issues. I backed up the old CA certificate, database, and registry files, and after removing the CA role and renaming the old server, I set up the new server with the same name and imported the registry. However, the new CA won't start because it claims the certificate revocation list (CRL) is offline. Initially, I had trouble accessing the CRL URL, but after tweaking some permissions, I can access it now in my browser. The problem is that while I can download the CRL by right-clicking and saving, it shows as invalid when I try to download it normally through the browser. I managed to get the CA to start by configuring it to ignore the CRL, but now I don't see any of the existing certificates; only a new one has been issued to a domain controller. Also, PKIView still can't download any certificate files even after I rebooted. Does anyone have any idea what's going wrong?
2 Answers
I totally understand your need to maintain your CA, especially with the Intune Certificate Connector in play. But migrating can sometimes introduce complexities that aren't worth it. If you're just looking to streamline things, you might consider setting up a new subordinate CA and making adjustments there. It's more work upfront, but it can save you a lot of headaches in the long run! Just some food for thought.
It sounds like you're running into a couple of issues here. First off, have you checked where the CRL is hosted? If the root CA's CRL is on the subordinate CA, did you install the IIS role correctly and place the CRL files in the appropriate directory? You mentioned importing the registry, but ensure that the backup from the old server was also restored properly. Just a thought, but maybe re-evaluating why you're migrating this subordinate CA instead of setting up a new one could simplify things too.
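One way to check where the CRL is hosted and whether the published file is usable, as an added example that is not part of the original thread: the script reads the CRL distribution points from the subordinate CA's own certificate, fetches each HTTP location, and asks `certutil` whether the download parses as a CRL. The certificate path is a placeholder, and the `NextUpdate` match assumes English-language `certutil` output.

```powershell
# Added example. $CertPath is a placeholder: point it at an exported copy
# of the subordinate CA's certificate (.cer).
$CertPath = 'C:\Temp\subca.cer'

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# OID 2.5.29.31 is the CRL Distribution Points extension.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) { throw "No CRL Distribution Points extension in $CertPath" }

# On Windows, Format() renders each distribution point as "URL=<location>".
$urls = [regex]::Matches($cdp.Format($true), 'URL=(http[^\s,]+)') |
    ForEach-Object { $_.Groups[1].Value }

foreach ($url in $urls) {
    $tmp = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName() + '.crl')
    try {
        # Plain HTTP GET with no browser involved.
        $resp = Invoke-WebRequest -Uri $url -OutFile $tmp -UseBasicParsing -PassThru

        # certutil -dump exits non-zero when the file is not a parsable CRL
        # (for example an HTML error page saved under a .crl name).
        $dump = certutil.exe -dump $tmp
        $parses = ($LASTEXITCODE -eq 0)

        [pscustomobject]@{
            Url         = $url
            HttpStatus  = $resp.StatusCode
            Bytes       = (Get-Item $tmp).Length
            ParsesAsCrl = $parses
            # Raw line from certutil; compare it with the current date by eye.
            NextUpdate  = ($dump | Select-String 'NextUpdate' | Select-Object -First 1)
        }
    }
    catch {
        [pscustomobject]@{ Url = $url; HttpStatus = 'FAILED'; Error = $_.Exception.Message }
    }
    finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# End-to-end chain and revocation check that retrieves the AIA and CDP URLs itself.
certutil.exe -verify -urlfetch $CertPath
```

A location that returns HTTP 200 but does not parse as a CRL, or whose `NextUpdate` is in the past, will still be treated as an unusable revocation source.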