Export CA certificate

AXISHK
AXISHK used Ask the Experts™
on
Some of the users has generate a client certificate on my Window 2012 CA server. If the user's PC is crashed, can I export the certificate from the CA. will the CA contain the private key in the export ?

For certificate renewal on client certificate, is it possible to renew the expired certificate on CA without touching the user's PC ?

Thx
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dan McFaddenSystems Engineer

Commented:
Are you referring to Workstation Authentication certs or User certs?

If these are Workstation certs, setup auto enrollment.

Link:  https://technet.microsoft.com/en-us/library/cc731522.aspx

Dan

Author

Commented:
only few workstations enrolls. CA certificate for authenticating to VPN appliances,

some of them are not connect to the domain....
Systems Engineer
Commented:
I don't think there is a way around having to touch a workstation in order to renew a certificate.

You can need to have key archival setup on the CA to export existing valid keys so you could restore a certificate to a rebuilt computer.

Links:
1. https://technet.microsoft.com/en-us/library/cc781351%28v=ws.10%29.aspx
2. https://technet.microsoft.com/en-us/library/cc753826.aspx
3. http://www.b-blog.info/en/archiving-and-recovering-private-key-in-microsoft-certificate-authority.html

Dan

Author

Commented:
Thx

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial