Backup AD CS

Hi guys,

With the following steps you can backup a CA.

  • Export registry with the following line from command line:

reg export “HKLM\System\CurrentControlSet\Services\CertSvc\Configuration”  c:\CaConfig\backup\configuration.reg /y

  • Open AD CS mmc and make a backup pushing Backup CA, these are the steps:

BackupCA01

When wizard appears push Next.

BackupCA02

Select all check boxes and insert a specified path.

BackupCA03

Insert a passphrase and push Next.

BackupCA04

Push Finish.

BackupCA05

In the folder where you have saved the backup you will find the CA Certificate and the database files.

BackupCA06

Regards!

Anuncios

How to export and import a user certificate with powershell

How to export and import a user certificate with powershell.

Export:

Get-QADLocalCertificateStore MyStore |

Get-QADCertificate |

Export-QADCertificate -Mode Collection -Format Pfx -Password (ConvertTo-SecureString <Password> -asplaintext -force) -File c:\MyCerts.pfx |

Out-Null

Description


In this command: Get-QADLocalCertificateStore retrieves a certain certificate store by name from the CurrentUser store location and passes the corresponding object to Get-QADCertificate; Get-QADCertificate retrieves the certificates from that store and passes the certificate objects to Export-QADCertificate; Export-QADCertificate exports all the certificates, along with their private keys, to a single file using the Pfx export format. This export operation requires the export data to be protected by a password, so the Password parameter is used to set a password.

http://wiki.powergui.org/index.php/Export-QADCertificate

Import:

$cert = dir c:\cert |Import-QADCertificate

C:\PS>Get-QADUser domainName\userName |

Add-QADCertificate -Certificate $cert

Description


Create a collection of objects ($cert) representing the certificates found in the certificate files that are located in the specified folder (c:\cert). Then, pass those objects to the Add-QADCertificate cmdlet to identify the certificates to map to the specified user account. As a result, the certificates listed in the $cert variable are mapped to that user account.

http://wiki.powergui.org/index.php/Add-QADCertificate