I have installed EJBCA 3.10.1 and signserver ( just for timestamp) on one server box. the purpose is to generate certificate for PDF document signing. this server is installed on DMZ to allow outside users to validate the PDF signature. this installation works for 3 years ago and still works fine.
So, for security reason, I want to install a new server in the LAN with last version of EJBCA, signserver, jboss(5.1.0), MySQL and Ubuntu. and I will install another server in the DMZ with OCSP protocol for validation.
as you can guess the IP of my ejbca server on the DMZ and the LAN are not the same. and my Company ROOT CA contains the IP address of the server it will an issue that I have to think about.
So, technically installing the internal server with last versions and restore my old config from the old server (MySQL database, ejbca/conf/, ejbca/p12/). Do you think that these steps will be sufficient to get my new server with all my generated certificates and my ROOT certificates work again ?
Please, if there is any thing important and not listed in this process, please let me know, I don't want to break the PDF document signing service for my users.