DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 216922 - Last Review: November 4, 2003 - Revision: 3.1

This article was previously published under Q216922

SUMMARY

Certificate Server does not create backups of installed keys. If you intend to use the certificate to encrypt persistent data such as e-mail, then you should ensure that some form of back up protects the private key for that certificate. If the key is unprotected, and is subsequently unavailable, then you will be unable to decrypt data encrypted with the certificate.

MORE INFORMATION

The functions of a Certificate Server can be summarized as follows:
Receive certificate requests.Create certificates from the requests it receives.Distribute or publish certificates.Publish Certificate Revocation Lists (CRLs).
Some applications, which encrypt persistent data such as e-mail, have an additional requirement to archive private keys of encryption certificates. This is to ensure a users access to the data in the event that they become unavailable. If that event occurs, the user can request a copy of the private key from the archive. Exchange Advanced Security has an additional service, the Key Manager Server (KMS), which performs this role.

Microsoft CSPs store the private keys in the registry. If Roaming profiles are used, then the Windows NT infrastructure provides resilience for the private keys. If Roaming profiles are not available, or a third-party CSP is used that does not use the registry to store keys, separate provisions should be made to back up the keys.

APPLIES TO
  • Microsoft Certificate Server 1.0
  • Microsoft Windows NT Server 4.0 Standard Edition
Keywords: 
kbinfo KB216922
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support