It's time: Migrating the PKI components from Windows Server 2012 to a new operating system

At the turn of the year, a note to all operators of a Microsoft Certification Authority and connected services:

The End of product support from Microsoft for Windows Server 2012 and 2012 R2 is slowly approaching, it is the October 10, 2023.

Thus, it is time to prepare for the move to a new operating system.

The recommended and in many cases the most sensible approach is the Migration to another server with updated, long-term supported operating system version.

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can downloaded via GitHub and can be used free of charge.

Alternatively, an in-place upgrade is also an option. For this, see the following articles:

For migration paths supported by the manufacturer see Windows Server Migration Matrix for the Certification Authority.

Of course, it is also possible to rebuild in parallel with a current operating system and move the individual use cases to it.

Related links: