How to restore Stand-alone CA private key and CA certificate without backup file (PKCS #12 PFX format) from recovered harddisk with all files available?
Hi,

Appreciate any help/advice.

My Stand-alone CA computer crashed, and there is no backup of the CA private key and CA certificate, that is, no backup file in PKCS #12 PFX format. The harddisk was 100% recovered. Is there any way/method I can recover the CA from the harddisk?

Following is what I tried:

[---Start---]

[1] Set up a new Stand-alone CA computer with the same operating system and CA component, which is Microsoft Windows 2000 Server Edition.

[2] Copy files from the following folders recovered from the harddisk:
C:\CAConfig
C:\WINNT\SYSTEM32\CertLog

[3] Restart the Certificate Services after (2).

I can see the previously issued user certificates. However, when I further test by generating a new User CSR from a client system and use this CA to "sign" or issue the new User CSR, it was successfully issued, but when loaded to the client system, it failed with the following error:

"Verification of Issuer Public Key failed."

[---End---]

I suspect the previous CA private key and CA Certificate were not used to "sign" the new User CSR. How can I "select" or point the CA to use the previous CA private key and Certificate? I verified this by looking at the CA Certificate information, which showed that it wasn't using the previous CA certificate.

Thanks in advance.
October 26th, 2009 6:06am

Hi,

If the HD is already recovered, why don't you put it on a new system (only to make the backups, and you don't need to plug it into the network) to make a backup of the database, keys and regkey in order to restore it in the new system?

http://support.microsoft.com/kb/298138 - how to move the CA to another server.

Hope it helps.
October 26th, 2009 6:11pm

Thanks for the response.

I can't boot up from the HD directly; I can only read it as a secondary HD. I have access to all files or data on the recovered HD. Is there any way I can "restore" the CA by copying all related CA files from the recovered HD to the new Stand-alone CA Computer directly? No backup was done, therefore there is no *.p12 file which can be used to restore the CA.

To put it another way, is there a method where I can copy all CA related files into the respective expected folders on the new Stand-alone CA Computer, start the CA Service, and it would recognise the CA?

Where is the Stand-alone Root CA private key stored on Windows 2000? Perhaps if I can find where the Root CA private key is stored, I can copy it to the expected file location on the new Stand-alone CA Computer and it would work?

Any advice/help is appreciated.
October 27th, 2009 1:41pm

Hi,

There is a tool named reccerts.exe which could be used to recover the private key.

Reccerts Usage:
reccerts.exe -path: "profile path" -password:<password>

But you have to contact Microsoft Support to get this tool. Thank you for your understanding.

If possible, I still suggest you try to repair the original system by booting from the system CD/DVD and choosing to repair the system.

Thanks.

This posting is provided "AS IS" with no warranties, and confers no rights.
October 29th, 2009 8:43am

Hi all,

Thanks for all the advice and suggestions, appreciate it. Finally managed to recover the original system, and everything is back to normal. Thanks for the advice; I took the route of trying to recover the hard disk by repairing, and luckily it worked. Now I will make sure to keep a backup. This was a very close call.

Thanks.
November 11th, 2009 4:13am

This topic is archived. No further replies will be accepted.
