How to Backup a Windows Certificate Server


Added by Mike Danseglio, July 16, 2013

Lots of different systems and platforms use certificates and Public Key Infrastructure (PKI). Many companies have decided to implement an internal Certification Authority to issue certificates to computers, users, and other Certification Authorities.

The loss of PKI data can be devastating, even requiring a full enterprise rebuild in some cases. So you need to ensure that you back up not just the CA system itself, but the CA’s database as well. This applies even when you’re using Active Directory integrated PKI as an Enterprise CA.

Although the steps seem simple, they’re very important. Without all of these steps you will be challenged to recover the CA after a catastrophic loss.

Steps to backing up a Certificate Server

The steps to back up a Windows Certificate Server running on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 are all the same. They are:

  1. Run certutil -backupDB on the CA. This backs up the entire CA database to a folder of your choice.
  2. Run certutil -backupKey on the CA. This backs up the certificate and private key that the CA is currently using to a PFX file in the folder of your choice.
  3. Perform a full system backup. Use any tool you like. The built-in Windows Backup is fine, and if your organization uses a higher-end backup solution, even better. Make certain that your backup includes the folders that you specified in the Certutil commands!
  4. Perform a backup of the Active Directory database. Do not rely on replication to save you if you need to recover from a major incident, as bad data is just as easily and quickly replicated as good data. Again, use whatever tool or process you prefer.
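
Steps 1 and 2 as a script that stops on any certutil failure and checks that both artifacts were written. This is an added example, not code from the original article; the folder D:\CABackup, the helper name Invoke-Certutil and the manifest.csv file are assumptions, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session on the CA.
# Assumptions: D:\CABackup is a hypothetical folder that the step 3 system backup covers;
# PowerShell 4.0 or later is available (needed for Get-FileHash).
$BackupRoot = 'D:\CABackup'
$Target     = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')

function Invoke-Certutil {
    param([Parameter(Mandatory = $true)][string[]]$Arguments)
    & certutil.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Stop here so a failed step is never mistaken for a usable backup.
        throw "certutil $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# certutil -backupDB expects an empty folder, so each run gets its own timestamped one.
New-Item -ItemType Directory -Path $Target -Force | Out-Null

# Step 1: back up the CA database.
Invoke-Certutil -Arguments @('-backupDB', $Target)

# Step 2: back up the CA certificate and private key. No password is passed here:
# certutil prompts for it, which keeps it out of the script and the command line.
Invoke-Certutil -Arguments @('-backupKey', $Target)

# Confirm both artifacts exist before trusting the folder to the system backup.
$files   = Get-ChildItem -Path $Target -Recurse | Where-Object { -not $_.PSIsContainer }
$dbFiles = $files | Where-Object { $_.Extension -eq '.edb' }
$keyFile = $files | Where-Object { $_.Extension -eq '.p12' -or $_.Extension -eq '.pfx' }
if (-not $dbFiles) { throw "No CA database (.edb) found under $Target" }
if (-not $keyFile) { throw "No CA key file (.p12/.pfx) found under $Target" }

# Record SHA-256 hashes so a restored copy can be checked against this manifest.
$manifest = $files | Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash
$manifest | Export-Csv -Path (Join-Path $Target 'manifest.csv') -NoTypeInformation

Write-Output "CA backup written to $Target ($($files.Count) files hashed)"
```

The key file holds the CA's private key, so the password chosen at the prompt and the access control on the backup folder and on every copy of it protect the CA itself.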

Now store the backed up data in a safe place and pray that you never need it!

If you want more Windows PKI articles please be sure to drop me a comment.

Take care!

Mike Danseglio - CISSP / CEH
Interface Technical Training – Technical Director and Instructor
