Certificate Server Does Not Create Backups of Installed Keys

Article ID: 216922
This article was previously published under Q216922

SUMMARY
Certificate Server does not create backups of installed keys. If you intend to use the
certificate to encrypt persistent data such as e-mail, then you should
ensure that some form of backup protects the private key for that certificate.
If the key is unprotected, and is subsequently unavailable, then you
will be unable to decrypt data encrypted with the certificate.
MORE INFORMATION
The functions of a Certificate Server can be summarized as follows:
- Receive certificate requests.
- Create certificates from the requests it receives.
- Distribute or publish certificates.
- Publish Certificate Revocation Lists (CRLs).

Some applications, which encrypt persistent data such as e-mail, have an
additional requirement to archive private keys of encryption
certificates. This is to ensure a user's access to the data in the event
that the keys become unavailable. If that event occurs, the user can request a
copy of the private key from the archive. Exchange Advanced Security has
an additional service, the Key Manager Server (KMS), which performs this
role.

Microsoft CSPs store the private keys in the registry. If Roaming profiles are used, then the Windows NT infrastructure provides resilience for the private keys. If Roaming profiles are not available, or a third-party CSP is used that does not use the registry to store keys, separate provisions should be made to back up the keys.

Properties
Article ID: 216922 - Last Review: November 4, 2003 - Revision: 3.1
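
One way to make the "separate provisions" described above for the current user's encryption certificates, as an added example that is not part of the original article. It assumes a current Windows system with the PowerShell PKI module (the cert: drive and Export-PfxCertificate), and the backup folder D:\KeyBackup is a hypothetical path.

```powershell
# Added example: back up encryption certificates and their private keys to PFX files.
# Assumptions: PowerShell PKI module is available, and the CSP/KSP holding each key
# permits export. The default backup folder below is a hypothetical path.
param(
    [string]$BackupDir = 'D:\KeyBackup'   # hypothetical; use protected, offline media
)

$password = Read-Host -Prompt 'PFX protection password' -AsSecureString
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$kuType = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
$flags  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
$encryptionUse = $flags::KeyEncipherment -bor $flags::DataEncipherment

# Certificates in the user's personal store whose private key is present on this machine.
$certs = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey }

foreach ($cert in $certs) {
    # Skip certificates whose key usage excludes encryption (for example, signing only).
    # A certificate without a key usage extension is unrestricted, so it is kept.
    $ku = $cert.Extensions | Where-Object { $_ -is $kuType }
    if ($ku -and -not ($ku.KeyUsages -band $encryptionUse)) {
        continue
    }

    $file = Join-Path $BackupDir ("{0}.pfx" -f $cert.Thumbprint)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $file -Password $password -ErrorAction Stop |
            Out-Null
        Write-Output "Backed up: $($cert.Subject) -> $file"
    }
    catch {
        # Typical causes: the key was marked non-exportable at enrollment, or it is
        # held by a smart card or other third-party CSP that never releases it.
        Write-Warning "NOT backed up: $($cert.Subject) [$($cert.Thumbprint)]: $($_.Exception.Message)"
    }
}
```

Every certificate reported as not backed up is one whose encrypted data becomes unrecoverable if the key is lost, so it needs a different archival arrangement.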

