My Certificate Server Died. How can I get the new server to accept the certs from the old server

Posted on 2009-04-24
Last Modified: 2012-05-06
My Certificate Server Died. How can I get the new server to accept the certs from the old server? Both servers were/are running Windows Server 2003.
Question by:john1p47

Accepted Solution

Paranormastic earned 2000 total points
ID: 24245024
The hostname and CAName need to be the same as the old CA.  You would then need to import the CA database and CA private key.  Hopefully these were backed up at some point.

Alternatively, if you are able to do a full restore including system state that will contain the necessary information.  This comes with the normal caveats like any other server when changing hardware for the restoration - if the hardware is similar to the old server it shouldn't be much of an issue regarding drivers, etc.

How to move a CA to another server:

To back up cert services, CA database, and CA private key:
certutil -backupDB d:\CAdb KeepLog
certutil -backupKey a:\

Note: your private key should not be stored in exported format on any network-connected server.  Save it to a floppy, thumb drive, etc. and keep it physically locked up in an anti-static bag.  If storing on a floppy, create a fresh copy every couple of years as floppies deteriorate - USB flash drives are preferred.

To recover, if you have these files:
certutil -restoreKey %path%
certutil -restoreDB %path%
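
The restore sequence from the answer above as one script, with the hostname and CA name checks done before anything is overwritten. This is an added example, not part of the original answer; OLD_HOST, OLD_CA_NAME, BACKUP_DIR and KEY_DIR are placeholder values, and it assumes Certificate Services is already installed and running on the new server.

```batch
@echo off
rem Added example: restore a CA backup onto a replacement server.
rem All four values below are placeholders (assumptions); set them for your CA.
setlocal
set "OLD_HOST=OLDCA01"
set "OLD_CA_NAME=Example Issuing CA"
set "BACKUP_DIR=D:\CAdb"
set "KEY_DIR=E:\CAkey"

rem 1. The hostname must be the same as the old CA's.
if /i not "%COMPUTERNAME%"=="%OLD_HOST%" (
    echo Hostname is %COMPUTERNAME%, expected %OLD_HOST%. Rename the server first.
    exit /b 1
)

rem 2. The CA name must be the same as well. Certificate Services must be
rem    running for this query to succeed.
certutil -CAInfo name | findstr /i /c:"%OLD_CA_NAME%" >nul
if errorlevel 1 (
    echo Installed CA name does not match "%OLD_CA_NAME%".
    exit /b 1
)

rem 3. Stop the service so the database can be replaced.
net stop certsvc

rem 4. Restore the CA private key; certutil prompts for the backup password.
certutil -f -restoreKey "%KEY_DIR%"
if errorlevel 1 (
    echo Key restore failed.
    exit /b 1
)

rem 5. Restore the CA database; -f overwrites the existing database.
certutil -f -restoreDB "%BACKUP_DIR%"
if errorlevel 1 (
    echo Database restore failed.
    exit /b 1
)

rem 6. Start the service and confirm the CA answers.
net start certsvc
certutil -ping
```

Remove the exported key from the server once the restore succeeds, in line with the storage note above.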
