Export (0) Print
Expand All

How to Create Self-Signed Certificates for Successful Encryptions

Updated: April 21, 2010

Applies To: System Center Data Protection Manager 2010

DPM supports two types of certificates to successfully encrypt data at a protection group level: self-signed certificates and certificates imported from a certification authority (CA). You can create a self-signed certificate using makecert.exe.

ImportantImportant
You should use a certificate store to securely store your certificates. The .snk files used by this tool store private keys in an unprotected manner. When you create or import a .snk file, you should be careful to secure it during use and remove it when you are done.

SSL server certificates for Internet Information Services (IIS) are stored in the "Personal" ("My") certificate store of the "computer account" ("localMachine"). The "Certificates" snap-in of the Microsoft Management Console (mmc.exe) must be used to manage these certificates. The certificate management window (accessible from "Internet Properties" / "Content" / "Certificates" or from "Control Panel" / "Users and Passwords" / "Advanced" / "Certificates") cannot be used.

To create a self-signed certificate

To import self-signed certificates into DPMBackupStore Using Makecert.exe

  • Type the following command

    Makecert.exe -r -n "CN=MyCertificate" -ss DPMBackupStore -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -e <expiry date in mm/dd/yyformat>

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft