Export the server licensor certificate

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 R2

The server licensor certificate (SLC) of the AD RMS cluster is used to decrypt all content that was protected by the AD RMS cluster. If the SLC is lost, rights-protected content protected by the AD RMS cluster cannot be decrypted. If you are using a hardware security module (HSM) to store the SLC, you should contact the hardware manufacturer of the HSM and get instructions on how to back up the key. If you are using a private key password to protect the SLC, you can back up the certificate by using the Active Directory Rights Management Services console.

To export the server licensor certificate

  1. Open the Active Directory Rights Management Services console.

  2. In the console tree, select the AD RMS cluster whose certificate you want to export.

  3. Right-click the cluster name, and then click Properties.

  4. On the Server Certificate tab, click Export Certificate.

  5. The Export Certificate As dialog box appears. We recommend that you modify the .bin file name to include the name of your server, such as AD RMS_Cluster1_LicensorCert.bin.

  6. Specify the location where the SLC certificate should be saved, and then click Save.