Microsoft KB Archive/216922

= Certificate Server Does Not Create Backups of Installed Keys =

Article ID: 216922

Article Last Modified on 11/4/2003

-

APPLIES TO


 * Microsoft Certificate Server 1.0
 * Microsoft Windows NT Server 4.0 Standard Edition

-



This article was previously published under Q216922





SUMMARY
Certificate Server does not create backups of installed keys. If you intend to use the certificate to encrypt persistent data such as e-mail, then you should ensure that some form of back up protects the private key for that certificate. If the key is unprotected, and is subsequently unavailable, then you will be unable to decrypt data encrypted with the certificate.



MORE INFORMATION
The functions of a Certificate Server can be summarized as follows:

Receive certificate requests.Create certificates from the requests it receives.Distribute or publish certificates.Publish Certificate Revocation Lists (CRLs).

Some applications, which encrypt persistent data such as e-mail, have an additional requirement to archive private keys of encryption certificates. This is to ensure a users access to the data in the event that they become unavailable. If that event occurs, the user can request a copy of the private key from the archive. Exchange Advanced Security has an additional service, the Key Manager Server (KMS), which performs this role.

Microsoft CSPs store the private keys in the registry. If Roaming profiles are used, then the Windows NT infrastructure provides resilience for the private keys. If Roaming profiles are not available, or a third-party CSP is used that does not use the registry to store keys, separate provisions should be made to back up the keys.

Additional query words: Certificate, Back-up, S/MIME

Keywords: kbinfo KB216922

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.