Windows Certificate authority

Nithyanandham Singaravadivelu 1 Reputation point
2023-07-23T10:30:57.5566667+00:00

Dear All,

We have situation where we need to physically migrate one of our datacenter to different location

We have single windows enterprise root CA server, As a part of this lift and shift activity, the windows server with enterprise root CA will be in the shutdown state for minimum 3 days, After this period it will be in the up and running state

We need to understand what will be the impacts when the server is not running for 3 days and recommend us with the pre checks that I need to perform before we shutdown the CA server

Thanks in advance.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,709 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Hania Lian (Shanghai Wicresoft Co,.Ltd.) 5,516 Reputation points Microsoft Vendor
    2023-07-24T08:41:00.4933333+00:00

    Hi @Nithyanandham Singaravadivelu

    When your Windows Enterprise Root CA server is shut down for a minimum of three days, there may be several potential impacts on your organization's operations. Before shutting down the server, it's important to assess these impacts and perform the necessary pre-checks to minimize any potential issues.

    Potential impacts:

    • Certificate issuance: Your organization will not be able to issue new certificates during the downtime.
    • Certificate renewals: If any certificates expire during the downtime, they will not be able to be renewed, potentially causing outages or disruptions.
    • Revocation of certificates: If a certificate needs to be revoked during the downtime, it will not be possible until the server is back online.
    • Trust chain validation: Any systems that rely on the root CA for certificate validation may encounter issues during the downtime, as they will not be able to verify the trust chain.

    Pre-checks:

    • Review certificate expiration dates: Ensure that no critical certificates are set to expire during the downtime. If necessary, consider extending the validity of certificates that are due to expire during this period.
    • Verify system dependencies: Identify any systems or services that rely on the root CA for certificate validation and ensure they can function without the root CA for the duration of the downtime.

    Hope the information is helpful.

    Best Regards,

    Hania Lian

    ============================================
    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

  2. Nithyanandham Singaravadivelu 1 Reputation point
    2023-07-25T09:16:35.0366667+00:00

    Hi @Hania Lian (Shanghai Wicresoft Co,.Ltd.)

    Thank you for your detailed response and i understand the potential impacts and pre checks to be done. But one thing i wanted to clarify with you.

    Please assist, Is there any steps provided by Microsoft in the articles or you know how to verify one of your below point

    "Identify any systems or services that rely on the root CA for certificate validation and ensure they can function without the root CA for the duration of the downtime"

    0 comments No comments

  3. Nithyanandham Singaravadivelu 1 Reputation point
    2023-07-26T09:42:43.04+00:00

    Hi @Hania Lian (Shanghai Wicresoft Co,.Ltd.)

    Could you please help us on this query - how to identify the systems or services that rely on the root CA for certificate validation ?

    0 comments No comments

  4. Nithyanandham Singaravadivelu 1 Reputation point
    2023-07-31T07:12:37.3933333+00:00

    Hi @Hania Lian (Shanghai Wicresoft Co,.Ltd.)

    Could you please help us on this query - how to identify the systems or services that rely on the root CA for certificate validation ?

    Is there any MS article that describes the steps to identify the systems or services that rely on the root CA for certificate validation ?

    0 comments No comments