12. Enable Key Archival for a Certificate Authority | Windows Server 2019
Video Series on Managing Active Directory Certificate Services:
In this video guide we walk through the steps to enable private key archival on a Windows Server 2019 Enterprise Subordinate Certificate Authority.
1. Modify the Key Recovery Agent certificate template and publish it on the CA.
2. Request a Key Recovery Agent certificate.
3. Enable private key archival in the Certificate Authority properties.
4. Enable the "Archive subject's encryption private key" setting in the certificate template.
Click the link below to see the next part, on how to recover a lost private key using key archival.
To help protect private keys, Microsoft enterprise certification authorities (CAs) can archive a user's keys in the CA database when certificates are issued. These keys are encrypted and stored by the CA. This private key archive makes it possible for the key to be recovered at a later time. The key recovery process requires an administrator to retrieve the encrypted certificate and private key, and then a key recovery agent to decrypt them.
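A read-only check for step 4, as an added example that is not from the video or its author: it reports which certificate templates have the archival flag set in their `msPKI-Private-Key-Flag` attribute and whether their key usage includes key encipherment. The function name `Get-KeyArchivalReport`, the note wording and the sample template names are assumptions made for illustration.

```powershell
# Added example (not from the video): list templates that request private key archival.
$CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL = 0x1   # bit set by "Archive subject's encryption private key"
$KEY_ENCIPHERMENT = 0x20                      # keyEncipherment bit in the first byte of pKIKeyUsage

function Get-KeyArchivalReport {              # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Template)
    foreach ($t in $Template) {
        $flags   = [int]$t.'msPKI-Private-Key-Flag'
        $usage   = [byte[]]$t.pKIKeyUsage
        $archive = ($flags -band $CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL) -ne 0
        $encrypt = ($usage.Count -gt 0) -and (($usage[0] -band $KEY_ENCIPHERMENT) -ne 0)
        [pscustomobject]@{
            Template        = $t.Name
            ArchivesKey     = $archive
            KeyEncipherment = $encrypt
            Note            = if ($archive -and -not $encrypt) { 'archival set without key encipherment: review' }
                              elseif ($archive) { 'archival enabled' }
                              else { 'not archived' }
        }
    }
}

# Constructed sample objects shaped like Get-ADObject output (not real directory data).
$sample = @(
    [pscustomobject]@{ Name = 'EFS-Archived-Sample'; 'msPKI-Private-Key-Flag' = 0x11; pKIKeyUsage = [byte[]](0x20, 0x00) }
    [pscustomobject]@{ Name = 'Signing-Sample';      'msPKI-Private-Key-Flag' = 0x1;  pKIKeyUsage = [byte[]](0x80, 0x00) }
    [pscustomobject]@{ Name = 'WebServer-Sample';    'msPKI-Private-Key-Flag' = 0x0;  pKIKeyUsage = [byte[]](0xA0, 0x00) }
)
Get-KeyArchivalReport -Template $sample | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# $base = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' + (Get-ADRootDSE).configurationNamingContext
# Get-KeyArchivalReport -Template (Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties 'msPKI-Private-Key-Flag', pKIKeyUsage)
```

On the constructed sample, the first template is reported as archived with key encipherment, the second as archived without it, and the third as not archived.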
Full Playlist:
http://yt.vu/p/PLUZTRmXEpBy0VB8ojNFzgmoC1s-_JwZW7
Follow my blogs:
https://msftwebcast.blogspot.com
windows server
thanks
You have focused more on the practical side. Please also explain why, and what the purpose of key archival is. This is important, as we should know why key archival is important.
@15:49 – Is it best practice to enable Key Archive for all certificates? Or just certs that enable encryption?
@12:16 – Can you show what modification is needed for each template to be able to issue them, and which templates supersede any other template, just like how you did with this "Basic EFS" template?
@6:42 – You have issued a "CA Exchange" certificate, but @12:15 you don't have the cert to issue, so how did you issue that cert?
The only certs this server can issue are "User" and "OCSP", or did I miss something?
Outstanding.
Great video!!! Thank you so much, always great content. Perhaps a video about a GPO with power settings and screen saver settings in order for the computer to lock. Thanks.