AManoux
asked on
Key Recovery Agent Certificate
I am configuring the Key Archival & Recovery in a Windows 2003 Certificate Authority (Enterprise). I have submitted the request for the KRA cert and then approved the request from the CA. However, I can't retrieve the certificate as the Certificate Enrollment wizard doesn't start. I need help retrieving the cert.
Below are the steps as instructed by Microsoft.
http://technet.microsoft.com/en-us/library/ee449464(WS.10).aspx#BKMK_AddKRATemplate
__________________________
To issue a key recovery agent certificate
1.Start the Certification Authority snap-in and click the Pending Requests folder.
2.Right-click the pending key recovery agent certificate request, click All Tasks, and then click Issue.
The issued certificate is automatically added to the key recovery agent certificate store on the CA and to the KRA object in AD DS.
Next, a KRA completes the procedure to retrieve an issued key recovery agent certificate.
Retrieving an issued key recovery agent certificate
This procedure should be completed by the user that submitted the key recovery agent certificate request, as described in the procedure Requesting a key recovery agent certificate by using the Certificates snap-in.
To retrieve an issued key recovery agent certificate
1.Start the Certificates snap-in.
2.Right-click Certificates – Current User, click All Tasks, and then click Automatically Enroll and Retrieve Certificates to start the Certificate Enrollment wizard.
3.Review the Before You Begin page, and then click Next.
4.On the Request Certificates page, the key recovery agent certificate should display a status message indicating that enrollment is pending. Select the key recovery agent certificate, and then click Enroll.
5.Click Finish to complete the wizard.
By completing these procedures, a key recovery agent certificate has been issued and installed to the user's personal certificates store and is available for key recovery operations.
Below are the steps as instructed by Microsoft.
http://technet.microsoft.com/en-us/library/ee449464(WS.10).aspx#BKMK_AddKRATemplate
__________________________
To issue a key recovery agent certificate
1.Start the Certification Authority snap-in and click the Pending Requests folder.
2.Right-click the pending key recovery agent certificate request, click All Tasks, and then click Issue.
The issued certificate is automatically added to the key recovery agent certificate store on the CA and to the KRA object in AD DS.
Next, a KRA completes the procedure to retrieve an issued key recovery agent certificate.
Retrieving an issued key recovery agent certificate
This procedure should be completed by the user that submitted the key recovery agent certificate request, as described in the procedure Requesting a key recovery agent certificate by using the Certificates snap-in.
To retrieve an issued key recovery agent certificate
1.Start the Certificates snap-in.
2.Right-click Certificates – Current User, click All Tasks, and then click Automatically Enroll and Retrieve Certificates to start the Certificate Enrollment wizard.
3.Review the Before You Begin page, and then click Next.
4.On the Request Certificates page, the key recovery agent certificate should display a status message indicating that enrollment is pending. Select the key recovery agent certificate, and then click Enroll.
5.Click Finish to complete the wizard.
By completing these procedures, a key recovery agent certificate has been issued and installed to the user's personal certificates store and is available for key recovery operations.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.