Selecting a CA Database Location
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When you install a CA in your organization, you must specify a location for the database and log files of the CA. You must also indicate whether you want to store the configuration information for the CA. Storing the CA configuration information is helpful for backing up and, if necessary, restoring your CA.
You can choose to copy the naming information and the certificate for the CA to the file system (the configuration directory is automatically shared by means of a share named certconfig).
Note
- You can change the location of the database and log files manually at a later time. However, you cannot perform this task by using the user interface.
Windows Server 2003 uses the JET database engine for the CA database. As with any JET database, it is a good idea to place the database and its log files on different physical disk drives, in order to improve fault tolerance and performance. By default, all these files are located in the certlog subdirectory of the system directory.
Tip
- Use a separate RAID for both the database and log files for the highest level of fault tolerance between backup intervals.
The CA database consists of the files listed in Table 16.4.
Table 16.4 CA Database Files
Database file | Purpose |
---|---|
<CA name>.edb |
The CA store |
edb.log |
The transaction log file for the CA store |
res1.log |
Reservation log file to store transactions if disk space is exhausted |
res2.log |
Reservation log file to store transactions if disk space is exhausted |
edb.chk |
Database checkpoint file |
Note
- You can determine the location of the database files for a CA by typing
certutil -databaselocations
at a command prompt or by looking in the Certificate Services snap-in user interface.