O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Performing Key Recovery

When a private key must be recovered from a CA, the certificate manager and key recovery agent must work together to extract the encrypted BLOB from the CA database, decrypt the private key from the encrypted BLOB, and distribute the PKCS #12 file to the original user.

Using Certutil to Perform Key Recovery

This process can be performed at a command prompt by running the certutil.exe utility.

Note

Note

The Key Recovery Tool used in Windows Server 2003 is no longer available. The tool can still be used to recover certificates archived at Windows Server 2003 enterprise CAs but is not supported for Windows Server 2008 CAs.

The certutil.exe ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required