Configure the CA to Support Key Archival

  1. Open the command prompt and run the certsrv.msc command.

  2. Right-click the CA name and select Properties.

  3. Select the Recovery Agent tab.



"Recovery Agents Tab" Window

  1. Select the radio button for Archive the key.

  2. Click Add.


"Key Recovery Agent Selection" Window

  1. Select the KRA certificate you just issued and click OK.

  2. Click OK.

  3. Click Yes to restart AD CS.

If you are using smartcard authentication, a prompt to insert the smartcard and enter the PIN appears on the PIN pad device. Enter the PIN, then press the OK button on the PIN pad.
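
To confirm the configuration after AD CS restarts, the following PowerShell check (an added example, not part of the original procedure) reads the CA's recovery agent settings from the registry and compares them with the certificates in the local machine KRA store. It assumes an elevated session on the CA, the standard CertSvc registry values `KRACertCount` and `KRACertHash`, and that configured KRA certificates are present in `Cert:\LocalMachine\KRA`; the function name is hypothetical.

```powershell
# Added example: confirm key archival settings on the CA after AD CS restarts.
# Assumptions: run elevated on the CA; standard CertSvc registry layout;
# Test-CaKeyArchival is a hypothetical helper name.
function Test-CaKeyArchival {
    $base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName = (Get-ItemProperty -Path $base -Name Active).Active
    $cfg    = Get-ItemProperty -Path (Join-Path $base $caName)

    # Number of recovery agents used per archived key; 0 means archival is off.
    $count  = [int]$cfg.KRACertCount
    # Thumbprints of the KRA certificates added on the Recovery Agents tab.
    $hashes = @($cfg.KRACertHash | Where-Object { $_ } |
        ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })

    if ($count -lt 1 -or $hashes.Count -lt 1) {
        Write-Warning "Key archival is not enabled on '$caName' (KRACertCount=$count)."
        return $false
    }

    $kraEku = '1.3.6.1.4.1.311.21.6'   # Key Recovery Agent EKU OID
    $usable = 0
    foreach ($hash in $hashes) {
        $cert = Get-ChildItem Cert:\LocalMachine\KRA |
            Where-Object { $_.Thumbprint -eq $hash } | Select-Object -First 1
        if (-not $cert) {
            Write-Warning "KRA certificate $hash is not in the LocalMachine\KRA store."
        } elseif ($cert.EnhancedKeyUsageList.ObjectId -notcontains $kraEku) {
            Write-Warning "Certificate $hash lacks the Key Recovery Agent EKU."
        } elseif ($cert.NotAfter -le (Get-Date)) {
            Write-Warning "KRA certificate $hash expired on $($cert.NotAfter)."
        } else {
            $usable++
        }
    }

    # Fewer usable agents than KRACertCount means archival requests can fail.
    if ($usable -lt $count) {
        Write-Warning "Only $usable usable KRA certificate(s); CA is set to use $count."
        return $false
    }
    Write-Host "Key archival on '$caName': $usable usable KRA certificate(s), $count used per key."
    return $true
}

Test-CaKeyArchival
```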