- Join a machine to the Domain and log in as a user with Administrative privileges.
- The steps to install the Microsoft Active Directory Certificate Services are the same as those in the Installing Microsoft Active Directory Certificate Services with Windows Enterprise section. After Microsoft AD CS is successfully installed, continue with the steps below.
- Open the command prompt and run certsrv.msc, and then click OK.
"Certificate Authority" Window
- Select the Certificate Authority node in the left pane.
- In the Action menu, select All Tasks and then select Backup CA.
"Certificate Authority" Window
If you are using smartcard authentication, the prompt will appear on the PIN Pad device to insert the smartcard and enter the PIN. Then, press the OK button on the PIN Pad.
- On the Welcome page of the CA backup wizard, click Next.
- Select Private key and CA certificate, and provide a directory name where you will temporarily store the CA certificate and, optionally, the key. Click Next.
- Provide a password to protect the CA key and click Next.
"Certification Authority Backup" Window
- Click Finish.
"Certification Authority Backup" Window
You will receive a warning message that the private key cannot be exported. This is expected behavior because the private key will never leave the Utimaco HSM.
- Click OK to continue.
- Export the CA Certificate.
- Generate the MBK and a backup of the databases from the first node using the CryptoServer Administrator Tool (CAT).
"Remote Master Backup Key Management" Window
- Stop the certsvc service. The following command can be executed to accomplish this.
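The certificate export and service stop steps can also be scripted and checked from PowerShell. The following is an added example, not taken from the original guide; `C:\CABackup` is a constructed path standing in for the temporary directory chosen in the backup wizard, and the script assumes an elevated session on the CA host with certsvc still running when the certificate is exported.

```powershell
# Added example: export the CA certificate, confirm that no private key
# file was written by the backup wizard, then stop the CA service.
# C:\CABackup is a constructed path; use the directory chosen in the wizard.
$OutDir = 'C:\CABackup'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Read the active CA name and its configured key provider from the
# CertSvc configuration in the registry.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg).Active
$csp    = Get-ItemProperty -Path (Join-Path $cfg "$caName\CSP")
Write-Output "CA name:      $caName"
Write-Output "Key provider: $($csp.Provider)"   # expected: the HSM provider, not a Microsoft software provider

# Export the CA certificate (public part only) while certsvc is running.
$cerPath = Join-Path $OutDir "$caName.cer"
certutil -f -ca.cert $cerPath
if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed with exit code $LASTEXITCODE" }

# Record the identity of the exported certificate so it can be compared
# with the certificate installed on the next node.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
Write-Output "Subject:      $($cert.Subject)"
Write-Output "Thumbprint:   $($cert.Thumbprint)"
Write-Output "Valid until:  $($cert.NotAfter)"

# The wizard warned that the private key cannot be exported. Confirm that
# no PKCS#12 key file ended up in the backup directory.
$keyFiles = Get-ChildItem -Path $OutDir -Filter '*.p12' -ErrorAction SilentlyContinue
if ($keyFiles) {
    Write-Warning "Unexpected key file(s) found: $($keyFiles.Name -join ', ')"
} else {
    Write-Output "No .p12 file present, as expected with an HSM-protected key."
}

# Stop the CA service and confirm that it is stopped.
Stop-Service -Name certsvc
Write-Output "certsvc status: $((Get-Service -Name certsvc).Status)"
```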