Create a Backup of CA Database

The following command can be used to generate a backup of the CA database that can be restored after an incident.

›_ Console

# Create a database and private key backup
> certutil.exe -backup <drive>:\CaBackup

# Create a certificate backup
> certutil -ca.cert "<drive>:\CaBackup\<CA_Name>.cer"

# Create a registry export
>reg export HKLM\SYSTEM\CurrentControlSet\services\CertSvc
<drive>:\CaBackup\CAregistry.reg

# Stop the AD CS service
> net stop certsvc