How to move a certification authority to another server

How to move a certification authority to another server:

Note, steps 1 and 7 have two different methods, I'm not sure which will work in each case so I've included both.

1. Back up the CA cryptographic keys and database to a central
location. This step can create a file that is named CA_Name.P12 (a
password protected file) that contains the private key of the CA, and a
folder that is named Database that holds the CA database and log files.

1. Back up the CA cryptographic keys, stop CA and copy system32/cert and
system32/certlog to a safe place

2. Back up the following key in the registry:HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\CertSvc\Configuration\CA Name

3. Shut down the first server. (You must do this before you rename the
new server.)

4. Disconnect the old server from the network, either by removing the
network tap or by disabling all the active network interfaces.

5. Install Certificate Services on the new server. When you select the
type of CA to install, click to select the Advance Install check box.

6. Click the CA_Name.P12 file from the central location, and then
continue with the CA Setup. The CA log and database file paths must be
the same on the new server as they had been on the outdated server. When
you have installed Certificate Services, the new CA is going to be
cryptographically the same as the outdated CA.

7. Start the CA Microsoft Management Console (MMC) snap-in, and then
restore the backup (to restore the database and log files).

7. copy System32\Cert und System32\CertLog to new server

8. Restore the backed up registry key.

9. After you verify the functionality of the new server, you can safely
remove Certificate Services from the outdated server. The CA
cryptographic keys must be deleted before you remove Certificate
Services. Start the Command Prompt and follow these steps:
a. Type certutil -shutdown to stop Certificate Services.
b. Type certutil -key to list the cryptographic keys installed on the
server. In the list of keys, one entry is the name of the Certificate
Authority.
c. Type certutil -delkey CA Name. If the name of the Certificate
Authority contains spaces, enclose the CA name in quotation marks.
d. Certificate Services can now be safely removed from the server.

original can be found at
(http://support.microsoft.com/default.aspx?scid=kb;en-us;298138)