Please suggest for 1 tier CA
Hi Guys,
Please help a fellow pki newbie
Sooo, we currently have an on-prem Microsoft Tier 1 CA setup where a single server is acting as both Root CA and Issuing CA (yeah, not ideal, inherited setup).
We’re planning to migrate this CA infrastructure to AWS and I’m trying to understand the cleanest and safest approach from people who’ve already done similar migrations in production.
Current environment:
- Windows ADCS
- Single-tier CA (Root + Issuing on same server)
- IIS is also hosting certificate-related applications/pages under Default Web Site
- Existing certificates are actively being used internally and externally
- We also have templates, CRL/AIA locations, and auto-enrollment in place
Some of the things I’m trying to figure out:
Is taking a normal CA backup enough? From what I understand, the CA backup only captures:
- CA database
- Private key
- Registry configuration
But it won’t include the IIS configuration/apps under Default Web Site. So for a proper migration, do I also need an IIS backup/export, app pool configs, website bindings, and SSL bindings?
Please suggest
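As an added example (not part of the original post, and not an official Microsoft procedure), the script below captures each of the pieces the post lists separately: the CA database and key via `Backup-CARoleService`, the CertSvc registry configuration, a record of the published CRL/AIA URLs and templates, and the IIS side (site, app pool and SSL binding configuration plus site content) that the CA backup leaves out. It assumes an elevated PowerShell session on the CA server with the ADCSAdministration and WebAdministration modules available; the destination path `$BackupRoot` and the backup naming are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: back up a single-tier ADCS + IIS server for migration.
# Assumed: run elevated on the CA; ADCSAdministration and WebAdministration
# modules present; $BackupRoot is a placeholder path to change.
param(
    [string]$BackupRoot = 'D:\CA-Migration-Backup'   # assumed destination
)

Import-Module ADCSAdministration
Import-Module WebAdministration

$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$dest  = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. The standard CA backup the post describes: database + private key.
#    The key is exported as a password-protected PKCS#12 inside this folder.
$caDir = Join-Path $dest 'CA'
New-Item -ItemType Directory -Path $caDir -Force | Out-Null
$keyPassword = Read-Host -AsSecureString -Prompt 'Password to protect the exported CA key'
Backup-CARoleService -Path $caDir -Password $keyPassword -Force

# 2. CertSvc registry configuration (CRL/AIA publication URLs, validity
#    periods, CA policy settings). Importing this on a host with a different
#    CA name or paths needs review, so also keep it in readable form below.
reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' `
    (Join-Path $dest 'CertSvc-Configuration.reg') /y

# 3. Readable inventory to compare against the new CA after cutover.
#    Template definitions live in Active Directory, not on the CA; what the
#    CA itself holds is the list of templates it publishes.
certutil -getreg CA\CRLPublicationURLs    | Out-File (Join-Path $dest 'CRLPublicationURLs.txt')
certutil -getreg CA\CACertPublicationURLs | Out-File (Join-Path $dest 'AIA-URLs.txt')
certutil -catemplates                     | Out-File (Join-Path $dest 'published-templates.txt')
certutil -view -out 'RequestID,CommonName,NotAfter,CertificateTemplate' csv |
    Out-File (Join-Path $dest 'issued-certs.csv')

# 4. IIS configuration: what the CA backup does not include.
#    appcmd's own backup snapshots applicationHost.config (sites, app pools,
#    bindings); the XML listings make the same data reviewable offline.
$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"
& $appcmd add backup "CA-Migration-$stamp"    # stored under inetsrv\backup\
& $appcmd list site    /config /xml | Out-File (Join-Path $dest 'iis-sites.xml')
& $appcmd list apppool /config /xml | Out-File (Join-Path $dest 'iis-apppools.xml')
& $appcmd list app     /config /xml | Out-File (Join-Path $dest 'iis-apps.xml')

# 5. Site and application content (e.g. pages under Default Web Site).
#    Applications can point outside the site root, so copy each one.
Get-Website | ForEach-Object {
    $target = Join-Path $dest ('site-' + ($_.Name -replace '[^\w]', '_'))
    robocopy $_.PhysicalPath $target /E /R:1 /W:1 | Out-Null
}
Get-WebApplication | ForEach-Object {
    $target = Join-Path $dest ('app-' + ($_.Path -replace '[^\w]', '_'))
    robocopy $_.PhysicalPath $target /E /R:1 /W:1 | Out-Null
}

# 6. SSL bindings: which certificate (by thumbprint and store) is bound to
#    which IP:port, so the correct server certificate can be re-bound on the
#    new host. The server certificates themselves are a separate export
#    (Export-PfxCertificate), not covered by the CA backup.
Get-WebBinding |
    Select-Object protocol, bindingInformation, certificateHash, certificateStoreName |
    Export-Csv (Join-Path $dest 'web-bindings.csv') -NoTypeInformation
netsh http show sslcert | Out-File (Join-Path $dest 'http-sslcert.txt')

# 7. Integrity record, written beside (not inside) the backup folder so the
#    set can be verified after transfer.
Get-ChildItem $dest -Recurse -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv (Join-Path $BackupRoot "$stamp-SHA256SUMS.csv") -NoTypeInformation

Write-Host "Backup written to $dest"
```

The CA folder contains the CA's private key, so the backup set should be treated with the same care as the CA itself while it is in transit; the SHA256 list written in the last step lets the restore side confirm nothing was altered or lost on the way.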