Efs recovery agent certificate template

Instead, use a filename such as the testdra we used earlier. When prompted, enter a password and then re-enter the password to verify the password.

You'll be notified that the. PFX and. CER files have been created. Make a note of the folder in which they reside so you can easily browse to them. This was shown in Figure 9. Next, follow steps 1 through 11 in the previous exercise, Exercise 9. When prompted to select recovery agents Exercise 9. CER file. By default, this file resides in the path in which it was created.

If you look at Figure 9. If another path was selected, the. CER file resides in that alternate path. As shown in Figure 9. CER file, click to select it, and then click Open. If the certificate was created by EFS, you will receive a notice that Windows cannot determine if the certificate has been revoked.

Recall that we discussed that EFS does not maintain certificate revocation lists. This warning is shown in Figure 9. Click Yes to accept or No to reject.

Click Yes to display the final screen of the wizard, which shows the user and certificate you've selected. If you renewed did you use the same key or a new one? If you renew with a new key or generate a new ERA do all existing EFS-encrypted documents get updated with the new recovery agent certifcate and the old one removed? From what I recall, we created a new certificate last time our ERA cert expired. That does not update the RA key that is already in all existing encrypted files.

You can use the cipher. Generated a new one and backed up the old one to pfx. Any ideas on renewing the KRA cert? The KRA cert template is defined, by default, to require administrator approval for issuance. Depending upon the Windows version you are using, the web enrollment pages may not support enrollment of templates with defined issuance requirements such as this. I believe the WS08 server pages do not support these templates. The certificates snap-in, however, should allow you to enroll.

If the template is not showing as available, doublec check all CA and template permissions and also ensure the template is defined on the CA. Computers do not encrypt data. If something happens to computer certificate, it is easier to enroll new one instead of restoring old one.

Hi, If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide? Office Office Exchange Server. Not an IT pro? Resources for IT Professionals.

Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Asked by:. Archived Forums. Sign in to vote. I am setting up CA to replace our CAs. I have some questions around the EFS templates. How to configure one? Any group policy changes required? Bitlocker Recovery Agent How to configure one?