How to backup/restore the CEP's certificate?
After installing a stand-alone CA, I installed SCEP on the same machine A. I want to verify the procedure for the CA's backup and restore. So I reinstalled another machine B with the same configuration, copied the backup files of IIS and the CA from A, and then restored IIS and the CA. But my network equipment could not enroll new certificates anymore, because the CEP's certificate had not been restored. All the other certificates were restored correctly. Could anybody tell me how to back up/restore the certificate of CEP (SCEP)? Thanks!
January 6th, 2010 4:25pm

I assume that you are talking about HTTP enrollment using the WSTEP protocol. If this is true, the problem is that you need to back up (or reissue) the SSL certificate for the XCEP server. This is a simple SSL certificate based on the WebServer template. By default the WebServer template doesn't allow exporting the private key, therefore you have several ways:

1) use a policy.inf file that will instruct the CA to allow private key exporting
2) create a V2/V3 custom template (duplicate from WebServer) and allow private key exporting in the template settings.

In those cases you will be able to back up the private key. If you have used the standard WebServer template, you can manually enroll an SSL certificate using a request file and submit it directly to the CA.

http://www.sysadmins.lv
January 7th, 2010 12:59pm
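
The request-file route mentioned in the reply above, as an added example that is not part of the original posts: it requests an SSL certificate with an exportable key using `certreq`, then writes a PFX backup with `certutil`. The subject name, CA config string and working folder are placeholders, and it assumes an elevated prompt on the web server.

```powershell
# Added example; the names below are placeholders, not values from the thread.
$subject  = 'CN=cep.example.test'      # placeholder server name
$caConfig = 'CA-HOST\Example-CA'       # placeholder "host\CA name" config string
$work     = Join-Path $env:TEMP 'ssl-req'
New-Item -ItemType Directory -Force -Path $work | Out-Null

# Request file: Exportable = TRUE is what makes a later PFX backup possible.
# On an enterprise CA, a [RequestAttributes] section with
# CertificateTemplate = <template name> would be added as well.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$subject"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Encoding ASCII "$work\request.inf"

# Generate the key pair and the PKCS#10 request on this machine.
certreq -new "$work\request.inf" "$work\request.req"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# Submit to the CA. A stand-alone CA may leave the request pending.
certreq -submit -config $caConfig "$work\request.req" "$work\server.cer"
if (-not (Test-Path "$work\server.cer")) {
    throw 'Request pending: issue it on the CA, then run certreq -retrieve <RequestId>'
}

# Bind the issued certificate to the private key created above.
certreq -accept "$work\server.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

# Confirm the key is present, then export certificate + key as the backup.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object NotBefore | Select-Object -Last 1
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }
certutil -exportPFX My $cert.Thumbprint "$work\server-backup.pfx"   # prompts for a PFX password
```

Store the resulting PFX and its password separately from the CA database backup, since the file contains the server's private key.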

Sorry that my description was not detailed.

In my network, all the routers (not CISCO's product) enroll certificates by SCEP with the CA. And I installed SCEP with the CA on the same machine A. If machine A, with the CA and SCEP installed, was damaged someday and couldn't be reused, I could install another machine and restore the backup files.

To verify the procedure, I do this in the lab. In the test, I installed Windows 2003 on machine B, installed IIS, then set up a stand-alone CA by importing from the backup file, and finally installed SCEP and restored the IIS backup files. I found the routers could NOT enroll new certificates. I checked the certificates through the MMC certificate management snap-in. I found the certificates of CEP (for SCEP) were not restored. Another two new certificates were re-enrolled. So the routers couldn't communicate with SCEP correctly.

Could you give me a hand to solve this, or suggest some other solution? Thanks!
January 7th, 2010 4:53pm
