asked on CA role is living on a DC that needs to be rebuilt.
Domain Controller with CA has some issues. Need guidance for a rebuild.
My plan was to back up the CA, demote and reinstall with the same name, promote and reinstall the CA role and then restore from backup of CA. However, step one (backup CA) threw a warning that one of the private keys can't export.
Any help is appreciated.
Thanks in advance!!
PS The error from the backup attempt of the CA is:
Windows cannot backup one or more private keys because the CSP does not support key export
My plan was to back up the CA, demote and reinstall with the same name, promote and reinstall the CA role and then restore from backup of CA. However, step one (backup CA) threw a warning that one of the private keys can't export.
Any help is appreciated.
Thanks in advance!!
PS The error from the backup attempt of the CA is:
Windows cannot backup one or more private keys because the CSP does not support key export
* certificate servicesWindows Server 2012Domain Controller
Last Comment
Chris H
Days of requiring private CAs have long been over since https://LetsEncrypt.org began providing free certs.That is not true and not what a PKI is used for. I suspect you are thinking of self-signed certs
Just as a check, did you look through these steps?
https://social.technet.microsoft.com/Forums/en-US/453a2991-2b65-414b-b0f4-ec90f8204889/windows-cannot-backup-one-or-more-private-keys-because-the-csp-does-not-support-key-export?forum=winserversecurity
ASKER
I googled this already...... I was hoping to find an expert in CA. At this point, I'm restoring the original VM to see if there is a magical combination of exporting the key and what have you... I'll update with my findings and hopefully come up with a solution for everyone in my shoes.
I googled this already......Really no need for that. Like I said in my comment Just as a check
Good luck
ASKER
Sorry if that came off as snide. I was down and out when I typed that.
I rebuilt the server and restored the original VM. From their, I corrected the PKI issue on the old server, exported the CA and restored it to the new one successfully.
As a precaution, I've removed everyone's ability to RDP into this server in the future to keep it in pristine condition.
Thanks!
I rebuilt the server and restored the original VM. From their, I corrected the PKI issue on the old server, exported the CA and restored it to the new one successfully.
As a precaution, I've removed everyone's ability to RDP into this server in the future to keep it in pristine condition.
Thanks!
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
For a setup once + forget forever solution, use https://LetsEncrypt.org + you'll be up + running in a few minutes.
If you go the route of running a private CA, instructions about how you go about this tend to be unique for each environment.
Refer to your notes when you first setup your CA + just go through your entire command sequence again.