Solved

Key recovery agent certificate invalid Error

Posted on 2016-10-13
Last Modified: 2016-10-19
I am working with an Aruba vendor to have a dual authentication Clinical Wi-Fi setup for our organization. To my surprise, a 3rd party contractor, I'm assuming, set up a CA in our Active Directory already. However, what I need it to do is archive keys so that it can work properly with what we're trying to do.
The issue I am having, though, is that when I right-click on my Certification Authority > Properties > Recovery Agents > Archive the key > I get 3 options and all 3 give me an 'Invalid' Status, and I'm unsure as to why and how exactly to jump in and fix that, since the expiration dates are still good.
If I need to create a new Key Recovery Certificate to get this to work, I'd be open to that too.

I apologize if I'm missing any information; please ask for further details if needed.
Question by:Joe Lowe
Expert Comment

by:Jakob Digranes
ID: 41843075
The certificates you're trying to archive are of type Key Recovery? Valid dates?

Author Comment

by:Joe Lowe
ID: 41843838
How do I verify to be sure that they are Key Recovery types?  And the dates are valid, expiration date was 3/29/2017.
I have attached the window I am having an issue with.
CAError.docx
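
The two points raised above (whether a certificate is of the Key Recovery type, and whether its dates are valid) can be checked with a short script. The following PowerShell is an added example, not part of the thread; the function name `Test-KraCertificate` and the file path in the usage comment are hypothetical. The chain and revocation check it also runs goes beyond what the thread discusses.

```powershell
# Added example: report whether a certificate carries the Key Recovery Agent
# EKU, is inside its validity period, and builds a trusted chain.
function Test-KraCertificate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Key Recovery Agent enhanced key usage (szOID_KP_KEY_RECOVERY_AGENT)
        $kraEkuOid = '1.3.6.1.4.1.311.21.6'

        # Collect every EKU OID present on the certificate.
        $ekuOids = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        # Build the chain with online revocation checking for the whole chain,
        # so an unreachable or expired CRL shows up in ChainStatus.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag =
            [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        $chainBuilds = $chain.Build($Certificate)

        $now = Get-Date
        [pscustomobject]@{
            Subject        = $Certificate.Subject
            Thumbprint     = $Certificate.Thumbprint
            HasKraEku      = $ekuOids -contains $kraEkuOid
            NotBefore      = $Certificate.NotBefore
            NotAfter       = $Certificate.NotAfter
            WithinValidity = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
            ChainBuilds    = $chainBuilds
            ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

# Usage (hypothetical path to an exported copy of one of the listed certificates):
# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\Temp\kra-candidate.cer'
# $cert | Test-KraCertificate | Format-List
```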

Accepted Solution

by: Joe Lowe
ID: 41844434
Looks like I was able to solve the issue just by creating a new Key Recovery Cert through:
https://www.youtube.com/watch?v=K-6zgcGbZ3U

Author Closing Comment

by:Joe Lowe
ID: 41849733
This worked for our organization.