Microsoft KB Archive/313272

= HOW TO: Back Up and Restore a Certificate Authority in Windows 2000 =

PSS ID Number: 313272

Article Last Modified on 10/30/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q313272



IN THIS TASK

 * SUMMARY
 * ** Back Up the Certificate Services
 * Restore the Certificate Services
 * Back Up the IIS Metabase
 * Restore the IIS Metabase



SUMMARY
This step-by-step article describes how to back up and restore a Certificate Authority (CA).

Windows 2000 Certificate Services provides a backup and restoration tool you can use to recover from disasters that affect the CA computer. You can use the CA backup and restoration tool to backup and restore keys, certificates, and the certificates database.

You can use the Certification Authority Backup Wizard to create a full backup, and then you can create incremental backups after the full backup is complete. When you restore the certificates database, first restore the full backup, and then restore all of the incremental backups in the order that they were created.

After you restore the CA, you may also need to restore the Microsoft Internet Information Services (IIS) metabase. The IIS metabase stores information about the IIS configuration on the CA. This step is only required if the metabase was lost or corrupted along with the Certificate Services information. If the corrupted metabase is not restored, the certificate services Web pages do not load.

back to the top

Back Up the Certificate Services

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Certificate Authority.
 * 2) Right-click the CA, point to All Tasks, and then click Backup CA.
 * 3) On the &quot;Welcome to the Certification Authority Backup Wizard&quot; page, read the introductory text, and then click Next.
 * 4) On the &quot;Items to Back Up&quot; page, click to select the Private key and CA certificate check box and the Issued certificate log and pending certificate request queue check box. In the Back up to this location box, type a local path to an empty folder. If the folder does not already exist, the Wizard create the folder for you. Click Next.
 * 5) In the Select a Password dialog box, type a password in the Password box, and then type the password again in the Confirm password box. Click Next.
 * 6) On the &quot;Completing the Certification Authority Backup Wizard&quot; page, click Finish. A progress bar appears that shows the status of the backup job. When the backup job is complete, you are returned to the CA console.

back to the top

Restore the Certificate Services

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Certificate Authority.
 * 2) Right-click the CA, point to All Tasks, and then click Restore CA. When you receive the Certification Authority Restore Wizard message that informs you that the certificate services cannot be running during the restoration, click OK to stop the certificate services.
 * 3) On the &quot;Welcome to the Certification Authority Restore Wizard&quot; page, read the introductory text, and then click Next.
 * 4) On the &quot;Items to Restore&quot; page, click to select the Primate key and CA certificate and Issued certificate log and pending certificate request queue check boxes. In the Restore from this location box, type the path to the certificate services backup, or click Browse to locate the folder. Click Next.
 * 5) On the &quot;Provide Password&quot; page, type the password that was used during the certificate services backup in the Password box. Click Next.
 * 6) On the &quot;Completing the Certification Authority Restore Wizard&quot; page, click Finish.
 * 7) After the restoration is complete, a Certification Authority Restore Wizard dialog box informs you that the restoration operating is complete and offers to start certificate services. Click OK to start certificate services.

back to the top

Back Up the IIS Metabase

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services.
 * 2) Right-click your server name, and then click Backup/Restore Configuration.
 * 3) In the Configuration Backup/Restore dialog box, click Create backup.
 * 4) In the Configuration Backup dialog box, type a name for the backup, and then click OK.
 * 5) The backup appears in the Backups window. Click Close.

back to the top

Restore the IIS Metabase

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services.
 * 2) Right-click your server name, and then click Backup/Restore Configuration.
 * 3) In the Configuration Backup/Restore dialog box, click the name of the backup you created, and then click Restore.
 * 4) An Internet Services Manager dialog box appears and informs you that the restoration process is a lengthy operation and that all settings will be lost since the previous backup. Click Yes.
 * 5) After the backup is complete, an Internet Services Manager dialog box informs you that the operation has completed successfully. Click OK.
 * 6) In the Configuration Backup/Restore dialog box, click Close.

NOTE: These procedures can be used only if the services have failed on an existing Windows 2000 installation. If the entire server installation must be replaced, you must back up the system state, and then restore the certificate services and the metabase from the system state backup. Both the certificate services information and the metabase are automatically backed up during a system state backup.

back to the top

Keywords: kbhowto kbHOWTOmaster KB313272

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.