Windows Server Guides

Backup Operator

• Woodworking Plans With Step-by-step Instructions

Performs backups of the CA database, the CA configuration, and the CA's private and public key pair (also known as a key pair).

Note If the CA's private and public key pair is stored on a hardware secu rity module (HSM), backup operators can only back up the CA key pair if the HSM's security context allows this ability.

You can use one of the following methods to perform the backup of CA information:

■ Windows Server 2003 backup utility. By including the System State in the backup set, you ensure that Certificate Services is fully backed up. The System State includes the CA database, CA log files, and registry configuration of Certificate Services.

■ Certification Authority console. From the Certification Authority console, a backup operator can include the private key and CA certificate, as well as the certificate database and certificate database log, in the backup set. In addition, the backup operator can choose whether to perform a full or an incremental backup.

■ Certutil.exe. Certutil provides three command lines for backing up Certificate Services:

■ Certutil —backup. The backup set includes the certificate database, the CA certificate, and the CA key pair.

■ Certutil —backupDB. The backup set only includes the certificate database.

■ Certutil —backupkey. The backup set only includes the CA certificate and the CA key pair.