Certificate Authority in Windows 2003
After backing up the keys and database for the CA (stand-alone), I want to reinstall the OS on the same machine. On this server, IIS and SCEP have been installed, and IIS has also been backed up. I formatted the system drive and reinstalled Windows 2003 on the server, then recovered the CA (stand-alone), installed SCEP, and recovered IIS. But the equipment on the network cannot enroll new keys from the CA. The network equipment reports "/usr/local/scep/sscep: error verifying signature". Is there anything else that needs to be backed up and restored?
December 24th, 2009 10:55am

You will need to re-enroll the certificate for the SCEP. Review your SCEP installation guide and simply re-enroll for the signing certificate. If you have the old machine, see if you can export the certificate from the local machine store, including the private key.
Brian
December 24th, 2009 7:12pm

Thank you very much! I backed up the private key and database for the CA on the old machine, and restored them after reinstalling the machine according to the Microsoft instructions on the Web. If I re-enroll for the signing certificate, I will get three new files: "ca.crt-0", "ca.crt-1" and "ca.crt-2". These three files are different from the current files on the network equipment operating on the network. To enable the network equipment to auto-enroll from the new CA, I have to replace these three files on all network equipment. There is a lot of network equipment on the network. It is hard work to do so. How could I export the certificate and restore it on the new machine? That way, all the network equipment could re-enroll automatically with the new CA server. Looking forward to your response!
December 25th, 2009 4:12am

You need to re-enroll the SCEP certificate, not the root CA certificate. Also, what is the remaining validity period on the root CA certificate?
Brian
December 25th, 2009 7:30am

After I reinstalled the machine and restored the CA and IIS, the CEP Certificates' serial numbers in MMC are different from the two Administrator Issued Certificates' serial numbers in the CA. How could I update the CEP Certificates with the Administrator Issued Certificates? Or, how could I back up the CEP Certificates to restore them? I tried to back up the CEP Certificates in the certificate manager MMC, but couldn't restore them. The scep program running on the network equipment reports a MIME type error. Thanks!
December 25th, 2009 7:47am

Did you get an answer to this or resolve it? If yes, how, please...
April 16th, 2010 8:09pm

This topic is archived. No further replies will be accepted.
