Recently I was tasked with rebuilding or migrating our Certificate Authority to a new server. The previous server was 8 years old and was holding some pretty critical information. Some of which was a Domain Controller, Certificate Authority, Email, Public Folders, Share Folders, and some Printers. Since our Public Folders were not replicating, that was the first priority. I solved that by changing the IIS port that was configured, once that was solved, the Public Folders took off.
Second challenge was to build a new or migrate our current Certificate Authority. After working on building a new Certificate Authority, I found it to be easiest to go ahead and migrate the CA. In order to do that the server must be the same name as the one that you are taking it off of. This requires some configuration changes that get a little challenging if not properly planned out. This post helped me out the most and got me through all of the configurations and keep moving.
The next problem that I encountered was that I needed to make the CA a domain controller. You can’t dcpromo.exe with the CA installed, causing it to fail. Therefore, I had to uninstall the role of the CA then dcpromo. After that I reinstalled the role of CA, and everything stayed in place, except for importing the certificates.