Assume the following scenario:
The following describes how to restore a certification authority from backup. In addition to the disaster case, this procedure is also part of the Migration of a certification authority to a new server.
Continue reading „Wiederherstellung einer Zertifizierungsstelle aus der Sicherung (Backup)“Since Windows Server 2008, the installation of the Certification Authority role consists of two steps:
The following describes how to restore a certificate authority certificate with software key.
Restoring the certification authority certificate may be necessary for the following reasons:
The following describes how to restore a certificate authority certificate with software key.
Restoring the certification authority certificate may be necessary for the following reasons:
Certification authority certificates have a defined start and end date, so it is inevitable during the lifecycle of a certification authority that certification authority certificates will expire.
The following describes the impact of an expiring Certification Authority certificate on the Certification Authority.
Continue reading „Welchen Einfluss hat der Ablauf eines der Zertifizierungsstellen-Zertifikate auf die Zertifizierungsstelle?“Assume the following scenario:
Assume the following scenario:
The data is invalid. 0xd (WIN32: 13 ERROR_INVALID_DATA)Continue reading „Der Zertifizierungsstellen-Dienst startet nicht und wirft die Fehlermeldung „The data is invalid. 0x8007000d (WIN32: 13 ERROR_INVALID_DATA).““
During the lifetime of a certification authority, certification authority certificates are renewed according to the planning for their life cycle. A new key pair can optionally be used here. The previous certification authority certificates expire or are revoked.
Expired certificate authority certificates can become a problem under certain circumstances if, for example, the associated private keys are stored on old hardware security modules (HSM) and these can only be migrated to new hardware with great difficulty.
In such a case, it may be useful to remove old certification authority certificates from the certification authority configuration.
Continue reading „Entfernen alter Zertifizierungsstellen-Zertifikate aus der Konfiguration einer Zertifizierungsstelle“When operating a certification authority, it may be necessary to renew all issued certificates for a specific certificate template, for example due to major configuration changes or a change of the issuing certification authority. The following describes a mechanism with which this can be achieved automatically.
Continue reading „Alle für eine Zertifikatvorlage ausgestellten Zertifikate automatisch von den Zertifikatinhabern erneuern lassen“Professional operation of a Certification Authority also includes the regular creation of backups.
The following describes which components need to be backed up and the associated procedure.
Continue reading „Eine Sicherung (Backup) einer Zertifizierungsstelle erstellen“To a Securing a Certification Authority also includes the backup of the private key material. The backup of the private key material is deliberately described separately, since this should be done separately and its backups should also be stored separately from those of the certification authority.
Continue reading „Eine Sicherung (Backup) des privaten Schlüssels einer Zertifizierungsstelle erstellen“The most important component of a PKI in terms of availability is not the certification authority, as is often assumed, but the revocation list distribution points. If a certification authority is unavailable, initially no new certificates can be issued, but the certificates already issued can continue to be used without hindrance as long as their revocation status can be verified. In addition to the pure availability of the revocation list distribution points, the revocation information must of course also be valid in terms of its signature. Revocation lists have a defined expiration date after which they can no longer be used. If a certification authority has now failed, it can also no longer publish new revocation lists. The process of emergency signing of revocation lists is provided for this case.
Continue reading „Durchführen der Notfallsignierung von Zertifikatsperrlisten“Unfortunately, in practice it happens from time to time that the revocation list of a higher-level certification authority expires and a renewal does not take place. This can also happen as planned, for example when an old hierarchy is decommissioned.
Continue reading „Welchen Einfluss hat der Ablauf der Sperrliste einer der übergeordneten Zertifizierungsstellen auf die Zertifizierungsstelle?“The following describes the effects on certification authority operation when a root certificate that issued one of the certification authority certificates of a certification authority is imported into the Untrusted Certificates store on the certification authority.
This case may occur as planned, for example, when a previous certification authority hierarchy is to be decommissioned.
Continue reading „Welchen Einfluss hat der Import eines Stammstellenzertifikats in den „Untrusted Certificates“ Speicher auf die Zertifizierungsstelle?“
English 
Deutsch