Back Up a Certificate Authority in Windows Server 2008

Here are 2 manual methods to easily back up a Certificate Authority in Windows server 2008. The first method uses the ‘certutil’ utility from the command line. Simply open ‘cmd’ and type the following, where C:\CA_BACKUP is the path which you want to save the backup to:

certutil -backup C:\CA_BACKUP

You will see something like the output shown here:

Using the certutil -backup command

Notice that you are required to enter a password for the backup file in order to keep your CA data secure. Your backup files will now be found in the location you specified.

The second method uses the ‘Certificate Authority’ console. Using this method open the ‘Certificate Authority’ console and then right click on your CA and choose ‘All Tasks’ and then ‘Backup CA’ as shown:

Choosing 'Back up CA'

The first page of the Certificate Authority Backup Wizard is displayed, click ‘Next’:

The CA Backup Wizard

Choose which items you wish to back up, and then choose a location for your backup, then click ‘Next’:

Choose a backup location

Provide a password for the backup, and click ‘Next’:

Provide a password for your backup

Click ‘Finish’ complete the wizard and make your backup:

Complete the CA backup Wizard

As mentioned earlier these are manual methods for backing just the Certificate Authority data on a CA machine. You can always use schedule full system state backups using wbadmin, or your chosen third party backup tool, which will also backup this information.