CA role is living on a DC that needs to be rebuilt.

Chris H
Domain Controller with CA has some issues. Need guidance for a rebuild.

My plan was to back up the CA, demote and reinstall with the same name, promote and reinstall the CA role and then restore from backup of CA.  However, step one (backup CA) threw a warning that one of the private keys can't export.

Any help is appreciated.

Thanks in advance!!



PS The error from the backup attempt of the CA is:
Windows cannot backup one or more private keys because the CSP does not support key export
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Days of requiring private CAs have long been over since https://LetsEncrypt.org began providing free certs.

For a setup once + forget forever solution, use https://LetsEncrypt.org + you'll be up + running in a few minutes.

If you go the route of running a private CA, instructions about how you go about this tend to be unique for each environment.

Refer to your notes when you first set up your CA + just go through your entire command sequence again.
Shaun Vermaak, Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
> Days of requiring private CAs have long been over since https://LetsEncrypt.org began providing free certs.

That is not true and not what a PKI is used for. I suspect you are thinking of self-signed certs.

Just as a check, did you look through these steps?
https://social.technet.microsoft.com/Forums/en-US/453a2991-2b65-414b-b0f4-ec90f8204889/windows-cannot-backup-one-or-more-private-keys-because-the-csp-does-not-support-key-export?forum=winserversecurity
Chris H, Infrastructure Manager

Author

Commented:
I googled this already......  I was hoping to find an expert in CA.  At this point, I'm restoring the original VM to see if there is a magical combination of exporting the key and what have you...  I'll update with my findings and hopefully come up with a solution for everyone in my shoes.
Shaun Vermaak, Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
> I googled this already......

Really no need for that. Like I said in my comment, "Just as a check".

Good luck
Chris H, Infrastructure Manager

Author

Commented:
Sorry if that came off as snide.  I was down and out when I typed that.

I rebuilt the server and restored the original VM.  From there, I corrected the PKI issue on the old server, exported the CA and restored it to the new one successfully.

As a precaution, I've removed everyone's ability to RDP into this server in the future to keep it in pristine condition.

Thanks!
Infrastructure Manager
Commented:
See my last comment above.
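
The backup step from the plan in the question, as an added PowerShell example (not posted by anyone in this thread, and not a reconstruction of how the author corrected the key issue): it reports which provider holds the CA key, attempts a full backup, and falls back to a database-only backup if the key cannot be exported. `D:\CABackup` is an assumed path; run it elevated on the existing CA before any demotion.

```powershell
# Added example: pre-rebuild backup of an AD CS certification authority.
# Assumption: D:\CABackup is a hypothetical location; use storage that
# survives the rebuild of this server.
Import-Module ADCSAdministration

$BackupRoot = 'D:\CABackup'
$Password   = Read-Host -AsSecureString -Prompt 'Password to protect the exported CA key'

# Identify the active CA and the provider (CSP/KSP) that holds its private key.
$cfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfgKey -Name Active).Active
$csp    = Get-ItemProperty -Path (Join-Path $cfgKey "$caName\CSP")
"CA '{0}' uses key provider: {1}" -f $caName, $csp.Provider

# Separate folders, because the backup cmdlet expects an empty target directory.
$fullDir = Join-Path $BackupRoot 'Full'
$dbDir   = Join-Path $BackupRoot 'DatabaseOnly'
New-Item -ItemType Directory -Path $fullDir, $dbDir -Force | Out-Null

try {
    # Database plus CA certificate and private key (password-protected .p12).
    Backup-CARoleService -Path $fullDir -Password $Password -ErrorAction Stop
    'Full backup (database and private key) completed.'
}
catch {
    # This is where "the CSP does not support key export" would surface.
    Write-Warning "Full backup failed: $($_.Exception.Message)"
    Backup-CARoleService -Path $dbDir -DatabaseOnly -ErrorAction Stop
    Write-Warning ('Database-only backup taken. The CA private key is NOT ' +
        'in this backup; do not demote or wipe this server until the key ' +
        'has been backed up by other means.')
}

# The CA configuration lives in the registry and is not part of the backup above.
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' `
    (Join-Path $BackupRoot 'CertSvc-Configuration.reg') /y
```

A database-only backup is not enough to bring the CA up on a rebuilt host; treat the warning as a stop sign for the demotion step.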
