Setting up a new CA server /removing the old one

[Guest bay-br]

In brief, we have a CA services (AD integrated)installed on a machine

that might get removed off the network. Now, we have issued a few

server certificates (for web access) and certs for EFS usage. We dont'

want anything in the windows domain to break by removing this box.

 

What I am planning to do:

1)Installa new Ent CA in the network (possible?) This will be the only

CA in the domain eventually.

2)Revoke certs issued by old CA server

3)Issue new server certs (web access) using th new CA

4)If all is well, uninstall the old CA.

 

My assumption is that the existing CA server is only used for EFS and

server certificates.

 

Is this feasible? Will I majorly break anything in my domain by doing

this?

thanks.