If you want to upgrade the Certificate Authorities from Windows Server 2003 to Windows Server 2008 the easiest way is by following the next steps.
Install IIS on Windows Server 2008.
Perform a CA Backup (CA Database, Certificate Keys)
Perform a Backup of the CA Configuration
reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
Verify the Issue and Manage Certificates permissions
Uninstall Certificate Services
Change Server Name (Source Server)
Rename Windows Server 2008 with old CA hostname.
Join the target server to the domain
Log on with local or enterprise administrator permissions to the CA computer.
Click Start, click Run, type servermanager.msc, and then press ENTER to open Server Manager.
In the console tree, click Roles.
On the Action menu, click Add Roles.
If the Before you Begin wizard appears, click Next.
In the list of available server roles, select the Active Directory Certificate Services check box, and click Next twice.
Make sure that Certification Authority is selected, and click Next.
Choose if you are migrating to an enterprise or stand-alone CA, and click Next.
Specify either Root or Subordinate CA, depending on the source CA, and click Next.
At this stage, you have a choice between creating a new private key or using an existing private key. Use the second option for a migration.
To create a new CA certificate and key, select Create a new private key.
For a migration, on the Set Up Private Key page, select Use existing private key.
Click Select a certificate and use its associated private key, and click Next.
If the CA certificate has been installed on the computer, it will be listed in the Certificates box. Otherwise, click Import to import a certificate from the .pfx file created by exporting the CA certificate and private key from the source CA.
Click Browse, and locate and select the file containing the certificate and private key exported from the source CA.
Enter the password you selected when exporting the CA certificate and key from the source CA, and click OK.
On the Select Certificate page, click Next.
Complete the rest of the installation wizard to finish installing AD CS.
Click Yes to accept the warning to overwrite AD DS. (This appears only if you are installing an enterprise CA.)
If the CA is installed on a workgroup computer or an existing private key was reused, optionally set the distinguished name suffix, and click Next.
If the CA is a new root CA, set the validity period for the certificate generated on the CA, and click Next. Otherwise, skip this step.
If required, configure the database location paths, and click Next.
If you are installing a subordinate CA, select whether to save the certificate request or submit it directly to the CA, and click Next.
To install AD CS, click Install.
a. To import the CA database from the source CA to the target CA by using the Certification Authority snap-in
b. Log on with administrative credentials to the target CA computer.
c. Open the Certification Authority snap-in.
d. Right-click the node with the CA name, point to All Tasks, and then click Restore CA. Click OK to confirm stopping the CA service.
e. In the CA Restore wizard, on the Welcome page, click Next.
f. On the Items to Restore page, select Certificate database and certificate database log. Click Browse, and navigate to the location of the Database folder that contains the CA database export files created when you previously exported the CA database.
g. Enter the password you used to export the CA database from the source CA, if a password is requested.
h. Click Finish, and then click Yes to confirm restarting the CA.
Maheshkumar S Tiwari edited Revision 2. Comment: Added tags
Tony Soper_MSFT edited Original. Comment: corrected typo in title
The formatting issues make me think this is still in progress. If so, we might want to make that clear in the article.