Upgrading Root Certificate Authority from Windows Server 2012R2 to 2022: What to Expect?

It's super easy and well documented! I found a video on YouTube where a guy walks you through the whole process step by step—definitely worth checking out!

Don't forget to export your root CA along with the private key, and make sure it's password-protected. If anything goes sideways, you can always rebuild the root CA and import the old certificate.

You should be fine! Just make sure you have good backups and snapshots before starting. There's plenty of guides available to help you through it, so don’t hesitate to use those resources.

Given that you’re not too familiar with certificate authorities, I suggest creating and upgrading a test CA in a lab environment first. Mistakes with root CAs can lead to significant issues. If you have a subordinate CA, that’s good too; it will help mitigate risks since only CRL updates will be affected temporarily.

I actually set up a new CA and migrated everything over to it instead of upgrading. It might be a smoother approach without any risk of breaking your existing setup.

An in-place upgrade is indeed supported, but just a heads up: you should back up your CA and remove it before starting the upgrade, then reinstall and restore afterward. Microsoft has some detailed instructions for this process.