This part describes the scenario where a user of the Microsoft Software Provider wants to migrate the existing keys into the Utimaco CryptoServer using the Utimaco CNG Provider 2.x.
There are two ways to migrate an existing CA. Either use the existing certificate in the new key storage provider, or use the existing private key and renew the certificate. In general, to migrate ADCS to Utimaco CNG, complete the following steps:
-
Back up the CA and configuration.
-
Install the CryptoServer hardware.
-
Install the CryptoServer software.
-
Import the private key to your CryptoServer HSM.
-
Reconfigure the CA.
-
Test and clean up the procedures.
In this guide, only the reusing of an existing certificate is described.