Figure 11-18: Selecting an export format for the certificate
Manual key archival is fine for a network with a small number of users and few keys to
manage. When manual key archival isn't adequate, the Enterprise and Datacenter editions of
Windows Server 2008 provide automatic key archival. Automatic key archival uses a key
recovery agent (KRA), which is a designated user with the right to recover archived keys. A KRA
has a lot of power, so the user should be chosen carefully. The Key Recovery Agent template
must first be configured to allow the designated user to enroll, and the designated user must
then enroll for a Key Recovery Certificate. The Key Recovery Agent certificate is then added to
the Recovery Agent tab of the CA server's Properties dialog box (see Figure 11-19).
Figure 11-19: Configuring a key recovery agent
 