As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. You have Windows Server 2008 R2 with installed Active Directory Certification Authority role. When you perform a full database backup by using either certutil.exe utility, or Certification Authority, the database log files are not truncated,…

Read More

In my last blog post (Backing up ADCS Certificate Authorities Part 1) I covered the inner workings of how ADCS and the Jet database works to maintain the CA data. In this post I am going to go over a comprehensive PowerShell script that I wrote to perform a full backup of all necessary ADCS…

Read More

One of the areas I have spoken about extensively at conferences and cover in my training classes is the unique issues associated with backing up and managing your ADCS Certificate Authority. There are several items I would like to address in this two-part series: CA Database and log file structure Unique issues with VM Snapshots with…

Read More

In a previous post, I discussed the configuration and isolation of true offline Certificate Authorities. There I made reference to the fact that an offline CA is one that never sees the light of day, figuratively that is. The CA should be air-gaped from the network, which requires physical access to the CA to manage and…

Read More

This post started as recommended maintenance and updates for offline CAs, and it became clear I should make this a two part post. So today I am covering what an Offline CA really means, and tomorrow I will cover recommendations for maintaining one of them. First, we must cover what I mean by Offline CA…

Read More