O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 18: Archiving Encryption Keys

Q:

At what CAs in the CA hierarchy must you enable key archival? How many key recovery agents must be defined at each CA?

A:

Key archival must be enabled at each of the regional issuing CAs. At each regional CA, you must define two key recovery agents: one at the corporate head office in Chicago and one at the regional office where the issuing CA is located.

Q:

What operating system must be installed on the issuing CAs to allow key archival?

A:

The issuing CAs must be running Windows Server 2008 Enterprise or Windows Server 2008 Datacenter to enable key archival.

Q:

Can you combine the key recovery agent role with the roles of CA administrator, certificate manager, auditor, or backup operator? Why or why not?

A:

You ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required