The Storage tab (Figure 12-15) displays where the certificate database and request
log are located. You can??™t change either of these values, but this information is provided
so you can easily locate them. The Active Directory checkbox is checked and grayed out
if you have an Enterprise CA, since you have no choice but to keep the configuration
data in Active Directory. On the other hand, if you have a Stand-alone CA server that is
a member of an Active Directory domain, you can optionally check this box to store its
configuration in AD as well.
The Certificate Managers tab (Figure 12-16) can be used to create additional restrictions
for the users specified in the Security tab for managing certificates. By default, all
certificate managers are unrestricted, but you can restrict certificate managers to certain
certificate templates here.
Figure 12-14. Extensions tab
421 Chapter 12: Enterprise Public Key Infrastructure
Figure 12-15. Storage tab
Figure 12-16. Certificate Managers tab
422 Microsoft Windows Server 2008 Administration
Hands-On Exercise: Backing Up Your CA
Backing up your CA is by far one of your most important tasks, since despite the ability
to recover certain data using recovery agents, the design of PKI specifically prohibits the
ability to generate exactly the same key to prevent identities from being compromised.
Lucky for us, backing up and restoring our private key, CA certificate, and certificate
database is as easy as running a wizard.
Pages:
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453