With the following steps you can back up a CA.
- Export the registry configuration with the following command from the command line:
reg export "HKLM\System\CurrentControlSet\Services\CertSvc\Configuration" c:\CaConfig\backup\configuration.reg /y
- Open the AD CS MMC console and make a backup by clicking Backup CA. The steps are:
When the wizard appears, click Next.
Select all check boxes and enter the backup path.
Enter a passphrase and click Next.
In the folder where you saved the backup you will find the CA certificate and the database files.
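The two steps above can also be scripted and checked. The following is an added example, not part of the original page; it assumes Windows Server 2012 R2 or later (where the Backup-CARoleService cmdlet is available) and an elevated PowerShell session on the CA server. The timestamped folder, the ca subfolder and manifest.csv are assumed names.

```powershell
# Added example (not from the original page). Run elevated on the CA server.
# Assumes Windows Server 2012 R2+ where Backup-CARoleService is available.
$ErrorActionPreference = 'Stop'

# Assumption: one timestamped folder per run under the path used above.
$dest  = Join-Path 'C:\CaConfig\backup' (Get-Date -Format 'yyyyMMdd-HHmmss')
$caDir = Join-Path $dest 'ca'              # hypothetical subfolder name
New-Item -ItemType Directory -Path $caDir -Force | Out-Null

# Step 1: export the CertSvc configuration key.
$regFile = Join-Path $dest 'configuration.reg'
reg.exe export 'HKLM\System\CurrentControlSet\Services\CertSvc\Configuration' $regFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed (exit code $LASTEXITCODE)" }

# Step 2: back up the CA certificate, private key and database.
# The passphrase is prompted for so it is not typed on the command line.
$passphrase = Read-Host -Prompt 'Backup passphrase' -AsSecureString
Backup-CARoleService -Path $caDir -Password $passphrase

# Step 3: confirm the artifacts needed for a restore are present and non-empty.
$checks = [ordered]@{
    'registry export'        = $regFile
    'CA cert and key (.p12)' = (Join-Path $caDir '*.p12')
    'CA database (.edb)'     = (Join-Path $caDir 'DataBase\*.edb')
}
foreach ($name in $checks.Keys) {
    $found = Get-ChildItem -Path $checks[$name] -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -gt 0 }
    if (-not $found) { throw "Backup incomplete: missing or empty $name" }
}

# Step 4: record SHA-256 hashes so later corruption or tampering is detectable.
$hashes = Get-ChildItem -Path $dest -Recurse -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $dest 'manifest.csv') -NoTypeInformation
Write-Output "Backup written to $dest ($($hashes.Count) files hashed)"
```

The .p12 file holds the CA private key, so restrict access to the backup folder and keep the passphrase somewhere other than next to the backup.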
How to export and import a user certificate with PowerShell.
Get-QADLocalCertificateStore MyStore | Get-QADCertificate |
Export-QADCertificate -Mode Collection -Format Pfx -Password (ConvertTo-SecureString <Password> -asplaintext -force) -File c:\MyCerts.pfx
In this command: Get-QADLocalCertificateStore retrieves a certain certificate store by name from the CurrentUser store location and passes the corresponding object to Get-QADCertificate; Get-QADCertificate retrieves the certificates from that store and passes the certificate objects to Export-QADCertificate; Export-QADCertificate exports all the certificates, along with their private keys, to a single file using the Pfx export format. This export operation requires the export data to be protected by a password, so the Password parameter is used to set a password.
$cert = dir c:\cert | Import-QADCertificate
Get-QADUser domainName\userName |
Add-QADCertificate -Certificate $cert
These commands create a collection of objects ($cert) representing the certificates found in the certificate files that are located in the specified folder (c:\cert), and then pass those objects to the Add-QADCertificate cmdlet to identify the certificates to map to the specified user account. As a result, the certificates listed in the $cert variable are mapped to that user account.