Configure a certificate template for key archival and recovery
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To configure a certificate template for key archival and recovery
- Open Certificate Templates.
- In the details pane, right-click the certificate template that you want to change, and then click Properties.
- On the Request Handling tab, select the Archive subject's encryption private key check box.
Notes
- To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
- To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press Enter.
- This procedure is applicable to version 2 templates. For more information about version 2 templates, see Related Topics.
- In addition to this procedure, the certification authority must be configured to archive keys. For more information, see Related Topics.
- Clients must be re-enrolled to receive a certificate that is based on the changed template if they already have a valid certificate that is based on the old template. For more information about re-enrolling clients, see Related Topics.
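To confirm the result of the procedure above, the following added example (not part of the original documentation) lists every certificate template in the forest with its schema version and whether the key archival flag is set. It assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the operating systems this page covers, and read access to the Configuration partition; the helper name Test-KeyArchivalFlag is hypothetical.

```powershell
# Added example: audit which certificate templates request key archival.
# Assumption: the ActiveDirectory module (RSAT) is installed and the caller
# can read the Configuration naming context.
Import-Module ActiveDirectory

# CT_FLAG_REQUIRE_PRIVATE_KEY_ARCHIVAL bit of the msPKI-Private-Key-Flag
# attribute. This is the directory value behind the "Archive subject's
# encryption private key" check box on the Request Handling tab.
$ArchivalFlag = 0x00000001

# Hypothetical helper: returns $true when the archival bit is set.
function Test-KeyArchivalFlag {
    param([int]$PrivateKeyFlag)
    return (($PrivateKeyFlag -band $ArchivalFlag) -ne 0)
}

# Templates are stored under the forest-wide Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $base -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties displayName, 'msPKI-Private-Key-Flag', 'msPKI-Template-Schema-Version' |
  ForEach-Object {
    # Missing attributes cast to 0; a schema version of 0 here means the
    # attribute is absent, which is the case for version 1 templates.
    $flag    = [int]$_.'msPKI-Private-Key-Flag'
    $version = [int]$_.'msPKI-Template-Schema-Version'
    [pscustomobject]@{
        Template      = $_.Name
        DisplayName   = $_.displayName
        SchemaVersion = $version
        KeyArchival   = Test-KeyArchivalFlag $flag
    }
  } |
  Sort-Object Template |
  Format-Table -AutoSize
```

Templates reported with KeyArchival set to True cause the certification authority to hold a copy of each subject's private key, so the list should match the encryption templates you intended to change and nothing else.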