Moving a Certificate Authority (CA) to another Domain Controller

I recently had to demote a DC that was the installed CA that causing a problem. These steps to move the CA to another Domain Controller;

* Start-Run-MMC, Snap-in Certificate Authority,

* Back Up CA from the All Tasks menu,

* Back Up both the Private Key and CA sertificate and Certificate Database and certificate database log,

* Enter the password that will be used to secure the backup

* Export that registry key to their profile path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration

* Now remove Certificate Services from the DC.

ON THE NEW SERVER

*Add the Certificate Services component,

* Select the type of CA,(Enterprise CA), then “Use custom settings to generate the key pair and CA certificate”

* Select “Use an existing key”

* Select the file and enter the password you set and click OK.

* Wait until the installation is complete

*Stop the Certificate Services

* Import the registry backup.

* Start the Certificate Authority MMC snap-in.

* Restore CA from the All Tasks.

* Enter the password again.

* Click the finish.

* Start the certificate services.