Dear All ,
We have a
physical standalone offline Root CA
enterprise Sub CA , online responders in a virtual environment.
Backup Strategies are as follows
On the Root CA
#####################
1- Log on as user who has CA administrator rights and should be a part of backup operators.
2- Create a folder under %Homedrive% called Backup.
3- Create a new text document under C:\scripts
4- Paste the following text:
Echo Backup Certification Authority, Certificates, Templates and CSP
c:
cd \scripts
Echo Y| del C:\backup\database
rd C:\backup\database
Echo Y| del c:\backup
Echo Backing up the Certification Authority and Certificates
certutil -backup –p <givepassword> c:\backup
Echo Backing up the registry keys
reg export HKLM\System\CurrentControlSet\Services\CertSvc\Configuration c:\backup\regkey.reg
Certutil –getreg CA\CSP > C:\Backup\CSP.txt
Echo Documenting all certificate templates published at the CA
Certutil –v -catemplates > C:\Backup\CATemplates.txt
#########################################
For enterprise SUb CA and online responder - we're considering full VM backup using Veeam tool .
Is it recommended to perform a full VM backup or should it be just the config files and related data ? It's easy to perform a full VM backup - but the question is how consistent and reliable it is ?
Please share the best practices followed to backup Enterprise SUb CA & online responders in a virtual enviroment
Thanks
Shaun
We have a
physical standalone offline Root CA
enterprise Sub CA , online responders in a virtual environment.
Backup Strategies are as follows
On the Root CA
#####################
1- Log on as user who has CA administrator rights and should be a part of backup operators.
2- Create a folder under %Homedrive% called Backup.
3- Create a new text document under C:\scripts
4- Paste the following text:
Echo Backup Certification Authority, Certificates, Templates and CSP
c:
cd \scripts
Echo Y| del C:\backup\database
rd C:\backup\database
Echo Y| del c:\backup
Echo Backing up the Certification Authority and Certificates
certutil -backup –p <givepassword> c:\backup
Echo Backing up the registry keys
reg export HKLM\System\CurrentControlSet\Services\CertSvc\Configuration c:\backup\regkey.reg
Certutil –getreg CA\CSP > C:\Backup\CSP.txt
Echo Documenting all certificate templates published at the CA
Certutil –v -catemplates > C:\Backup\CATemplates.txt
#########################################
For enterprise SUb CA and online responder - we're considering full VM backup using Veeam tool .
Is it recommended to perform a full VM backup or should it be just the config files and related data ? It's easy to perform a full VM backup - but the question is how consistent and reliable it is ?
Please share the best practices followed to backup Enterprise SUb CA & online responders in a virtual enviroment
Thanks
Shaun