Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Install and restore the Certification Authority for Windows SBS 2011 Essentials migration

Published: March 10, 2011

Updated: May 4, 2011

Applies To: Windows Small Business Server 2011 Essentials

To install the Certification Authority

  1. On the Destination Server, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the Roles Summary section, click Add Roles.

  3. On the Before You Begin page, click Next.

  4. On the Server Roles page, select Active Directory Certificate Services, and then click Next.

  5. On the Introduction to Active Directory Certificate Services page, click Next.

  6. On the Select Role Services page, select Certification Authority and Certification Authority Web Enrollment, and then click Next.

  7. On the Specify Setup Type page, select Standalone, and then click Next.

  8. On the Specify CA Type page, select Root CA, and then click Next.

  9. On the Set Up Private Key page, select Use existing private key, choose the Select a certificate and use its associated private key option, and then click Next.

  10. On the Select Existing Certificate page, select the <ServerName>-CA certificate (where <ServerName> is the name of your Destination Server), and then click Next.

  11. On the Configure Certificate Database page, select the default locations, or click Browse if you want to save the database or log file to a different location. Then click Next.

  12. Confirm your selections, and then click Install.

  13. When the wizard is finished, click Close, and then restart the server.

To restore the Certification Authority

  1. Click Start, point to Administrative Tools, and then click Certification Authority.

  2. In the Certification Authority console tree, right-click <ServerName>-CA (where <ServerName> is the name of your Destination Server), click All Tasks, and then click Restore CA.

  3. If you are asked to stop Active Directory Certificate Services, click OK.

  4. The Certification Authority Restore Wizard is run. Click Next on the Welcome page of the wizard.

  5. On the Items to Restore page, select Private key and CA certificate and Certificate database and certificate database log, type or browse to C:\CA_Backup, and then click Next.

    noteNote
    For an incremental restore, first select the full backup file and complete the wizard. Then re-run the wizard, selecting subsequent incremental backup files.

  6. On the Provide Password page, type a password for gaining access to the private key and the CA certificate file, and then click Next.

  7. When the wizard has completed, click Finish.

  8. You are asked if you want to start Active Directory Certificate Services. If you have additional incremental backups to restore, click No to re-run the wizard and continue restoring. If restoration is complete, click Yes to start Active Directory Certificate Services.

Configure CRL distribution list

  1. Click Start, point to Administrative Tools, and then click Certification Authority.

  2. Right-click the server and click Properties.

  3. Click the Extensions tab.

  4. In the list displayed, click the entry http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl and ensure the following options are selected.

    • Include in CRLs. Clients use this to find the Delta CRL location.

    • Include in the CDP extension of issued certificates.

  5. Click Add, and in the location field type http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl

  6. Click OK.

  7. Under the Extensions tab, click the entry http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELATACRLALLOWED>.crl and ensure that the following options are selected:

    • Include in CRLs. Clients use this to find the Delta CRL location.

    • Include in the CDP extension of issued certificates.

  8. Click OK to save your changes.

  9. When you are asked to restart Active Directory Certificate Services, click Yes.

Next topic: Transfer the operations master roles for Windows SBS 2011 Essentials migration

Previous topic: Install Windows SBS 2011 Essentials in migration mode for Windows SBS 2011 Essentials migration

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.