Restoring the Certification Authority (CA)
The restore method that you use for the certification authority (CA) depends on the type of backups that you performed. For information about the different methods of backing up the CA, see "Backing Up the Certification Authority (CA)."
It is recommended that you restore the CA by restoring the full computer backup set that was created on the computer that is running the CA service. However, if you did not create a full computer backup set of the computer that is running the CA, you can restore the CA by restoring the Windows backup set of the computer that is running Certificate Services (the System State data part of a Windows backup set includes the Certificate Services database). For information about how to restore full computer backup sets and Windows backup sets, see "Restoring Full Computer Backup Sets" and "Restoring Windows Backup Sets."
You can also use the Certification Authority Restore Wizard to restore keys, certificates, and the certificates database. You access this wizard from the Certification Authority MMC snap-in. If you use the Certification Authority MMC snap-in to restore the CA, you must also restore the IIS metabase if it has been damaged or lost.
Note
If the IIS metabase is not intact, IIS will not start, and Certificate Services Web pages will not load.
You restore the IIS metabase file when you restore a Windows backup set (the System State data part of a Windows backup set includes the IIS metabase). You can also restore the IIS metabase independently by using the IIS snap-in.
Important
The Certification Authority Restore Wizard in the Certification Authority MMC snap-in requests that you supply a password when you back up public keys, private keys, and CA certificates.
For more information about how to preserve the root certificate, see Exchange 2000 Server Database Recovery. For more information about the Certification Authority Restore Wizard, see "Restore a certification authority from a backup copy."