-
Open the command prompt and run the certsrv.msc command
-
Right click CA Name and select Properties
-
Select the Recovery Agent tab
Figure 54: Recovery Agents Tab window
-
Select the radio button for Archive the key
-
Click Add
Figure 55: Key Recovery Agent Selection window
-
Select the KRA certificate you just issued and Click OK
-
Click OK
-
Click Yes to restart the AD CS
If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.