📄️ Procedure Overview
There are several ways to migrate an existing Microsoft Certification Authority (AD CS) to use the private keys from the Primus HSM or CloudHSM service, either:
📄️ Backup AD CS
It is recommended to create a backup of the AD CS database, registry settings and the AD CS certificate including the private key (if exportable).
📄️ Delete the Key and Certificate
Locate and remove the key(s) and certificate(s) from the old key storage provider and certificate store. Note that several keys and certificates may be involved if the CA certificate was already renewed.
📄️ Import Private Key to HSM
To import the private key (from AD CS backup) into the Securosys HSM, perform the following steps:
📄️ Reconfigure AD CS Registry
The procedure differs slightly depending on the “Source” key store (CNG 2.8.4.1, CSP 2.8.4.2).
📄️ Test and Cleanup
Start the AD CS services again and verify that everything works correctly.