Maintenance

Database log files are not truncated when you perform a full Certification Authority database backup

As part of joining PKI Solutions, several blog posts from my old site are re-posted here for visibility and thoroughness. You have Windows Server 2008 R2 with the Active Directory Certification Authority role installed. When you perform a full database backup by using either the certutil.exe utility or Certification Authority, the database log files are not truncated,…


Backing up ADCS Certificate Authorities (Part 2 of 2)

In my last blog post (Backing up ADCS Certificate Authorities Part 1) I covered the inner workings of how ADCS and the Jet database work to maintain the CA data. In this post I am going to go over a comprehensive PowerShell script that I wrote to perform a full backup of all necessary ADCS…


Backing up ADCS Certificate Authorities (Part 1 of 2)

One of the areas I have spoken about extensively at conferences and cover in my training classes is the unique issues associated with backing up and managing your ADCS Certificate Authority. There are several items I would like to address in this two-part series: CA Database and log file structure; Unique issues with VM Snapshots with…


Offline CA Maintenance – What Do You Really Need to Do?

In a previous post, I discussed the configuration and isolation of true offline Certificate Authorities. There I made reference to the fact that an offline CA is one that never sees the light of day, figuratively, that is. The CA should be air-gapped from the network, which requires physical access to the CA to manage and…


Offline Certificate Authority – What Exactly Does that Mean?

This post started as recommended maintenance and updates for offline CAs, and it became clear I should make this a two-part post. So today I am covering what an Offline CA really means, and tomorrow I will cover recommendations for maintaining one of them. First, we must cover what I mean by Offline CA…
