UMove for Active Directory

Moving the Certificate Services Database

What is Certificate Services?

A certificate server (sometimes called a Certificate Authority or CA) generates public key certificates for installation on secure web servers. A secure web server presents its certificate to visiting web browsers to prove the identity of the web server to the satisfaction of the web browser. Certificates are used to secure the Secure Sockets Layer (SSL) protocol, which encrypts sensitive information such as credit card numbers in transit. SSL runs underneath the HTTPS (HTTP Secure) protocol, which is used to access secure URLs such as https://secure.site.com.

Certificates are based on a “chain of trust” from the web server up to the CA. The web server presents a certificate that has been signed by the CA. The web browser checks the signature against the CA certificate previously installed in the web browser. This proves the identity of the web server to the web browser.

Use of Certificate Services is rare. Normally you will purchase a web-server certificate that is signed by a public CA such as VeriSign.

However, a large enterprise may want to act as its own private CA. A private CA can sign its own certificates, for example for use by private internal secure web servers. To generate private SSL certificates, a large enterprise will use Certificate Services to act as the CA. Certificate Services is typically installed on only one server for the entire organization.

Computer name is not important

When you install Certificate Services, a message will be displayed that warns you not to change the name of the computer. You can safely ignore this message. UMove will copy both the Certificate Services database and the corresponding computer name from the source computer.

Manual copy of CA is incomplete

The Microsoft Knowledge Base article Q283193 describes how to manually copy the Certificate Services database. However, the article omits the step of copying the enterprise private key. The private key is required to sign certificates for web servers.

To work around this problem, UMove will automatically copy all information needed to move the entire Certificate Services database to the destination computer. This includes the CA database and the enterprise private key.
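A post-move check for the failure mode described above, a CA that arrives without its private key. This is an added example, not part of UMove or of Algin Technology's documentation; it assumes the CA certificate is kept in the destination computer's Personal store (`Cert:\LocalMachine\My`), and the function name `Get-CACertificateKeyStatus` is hypothetical.

```powershell
# Added example (not part of UMove): run on the destination computer after the move.
# Assumption: the CA certificate lives in the local computer's Personal store.
function Get-CACertificateKeyStatus {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $bcType = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Keep only certificates whose Basic Constraints extension marks them as a CA.
        $bc = $cert.Extensions | Where-Object { $_ -is $bcType }
        if (-not $bc -or -not $bc.CertificateAuthority) { continue }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Expired       = $cert.NotAfter -lt (Get-Date)
            HasPrivateKey = $cert.HasPrivateKey   # false = certificate copied without its key
        }
    }
}

$status = @(Get-CACertificateKeyStatus)
$status | Format-Table -AutoSize

# Certificate Services runs as the CertSvc service; report whether it is present and running.
$svc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
if ($svc) { "CertSvc status: $($svc.Status)" } else { 'CertSvc is not installed on this computer.' }

if ($status.Count -eq 0) {
    Write-Warning 'No CA certificate found in the store.'
    exit 2
}

$missing = @($status | Where-Object { -not $_.HasPrivateKey })
if ($missing.Count -gt 0) {
    $missing | ForEach-Object {
        Write-Warning "CA certificate $($_.Thumbprint) has no private key on this computer."
    }
    exit 1
}
'Every CA certificate in the store has its private key.'
```

`HasPrivateKey` only confirms that the certificate is linked to a key on this computer; issuing a test certificate from the moved CA is what confirms the key is usable for signing.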

How to Move the Certificate Services Database


Algin Technology LLC