Guide - Configure Certificate Private Key Archive



Duplicate the Key Recovery Agent template
Uncheck the CA certificate manager approval checkbox
Ensure only Domain Admins and Enterprise Admins have permissions to Enroll
Set the Certificate Template name and click OK
Add the new template as a Certificate Template to Issue within the Certificate Authority Console.
Select the new Template and click OK
Now log on as a domain administrator and use the Certificates snap-in in MMC, on the Personal store, to request a Key Recovery Agent certificate
Click Next
Select the Key Recovery Template you have just configured and click Enroll
Verify this succeeds and click Finish
Edit the Properties of the Certificate Authority


Select the Archive the key radio button and click Add
Select the certificate and click OK
Click Yes to restart the services
Now edit your existing Certificate templates to include the Archive subject’s encryption private key option
You will receive a warning in relation to any certificates that have already been issued. Click OK
Now issue a certificate and verify that the key is archived by adding the Archived Key Column to the Certificate Authority Console
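With CA certificate manager approval unchecked, the Enroll permission is the only control on who can obtain a Key Recovery Agent certificate. The following check is an added example, not part of the original guide: it audits the duplicated template from PowerShell and lists the templates that have key archival enabled. It assumes the RSAT ActiveDirectory module is installed, and `KeyRecoveryAgentCustom` is a placeholder for the template name you set.

```powershell
# Added example (not from the original guide). Run as a user who can read the Configuration partition.
Import-Module ActiveDirectory

$TemplateName = 'KeyRecoveryAgentCustom'   # placeholder: the template name set when duplicating
$EnrollRight  = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'   # Certificate-Enrollment extended right
$AllowedRids  = '-512$|-519$'              # well-known RIDs: Domain Admins, Enterprise Admins

$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$tpl = Get-ADObject -SearchBase $base -LDAPFilter "(cn=$TemplateName)" `
         -Properties nTSecurityDescriptor, 'msPKI-Enrollment-Flag'
if (-not $tpl) { throw "Template '$TemplateName' not found under $base" }

# Approval unchecked means CT_FLAG_PEND_ALL_REQUESTS (0x2) is clear in msPKI-Enrollment-Flag.
$pending = [bool]($tpl.'msPKI-Enrollment-Flag' -band 0x2)
"CA certificate manager approval required: $pending"

# Collect every Allow ACE that grants Enroll (directly, via all extended rights, or via Full Control)
# to a principal other than Domain Admins / Enterprise Admins.
$unexpected = $tpl.nTSecurityDescriptor.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (
        $_.ActiveDirectoryRights -match 'GenericAll' -or
        ($_.ActiveDirectoryRights -match 'ExtendedRight' -and
         $_.ObjectType -in @($EnrollRight, [guid]::Empty)))
} | ForEach-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    if ($sid -notmatch $AllowedRids) { "$($_.IdentityReference) ($sid)" }
}

if ($unexpected) { 'Unexpected principals that can enroll:'; $unexpected }
else             { 'Enroll is limited to Domain Admins and Enterprise Admins.' }

# Templates with "Archive subject's encryption private key" set:
# bit 0x1 (CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL) of msPKI-Private-Key-Flag, matched with the LDAP bitwise-AND rule.
Get-ADObject -SearchBase $base `
    -LDAPFilter '(msPKI-Private-Key-Flag:1.2.840.113556.1.4.803:=1)' -Properties displayName |
    Select-Object Name, displayName
```

Any principal listed as unexpected can request a recovery agent certificate without manager approval, so remove its Enroll permission on the template before the template is published.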
