Back up a certification authority

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To back up a certification authority


The procedures discussed in this article demonstrate how to back up only the certification authority (CA) database and private key. If you want to back up the CA database, private key, and CA configuration, see the backup procedures in AD CS Migration: Migrating the Certification Authority ( To back up all the configuration data for a computer, run a System State Data backup (

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Log on to the system as a Backup Operator or a Certification Authority Administrator.

  2. Open the Certification Authority console.

  3. In the console tree, click the name of the certification authority (CA).

    • Certification Authority (Computer)/CA name
  4. On the Action menu, point to All Tasks, and then click Back Up CA.

  5. Follow the instructions in the Certification Authority Backup Wizard.


  • To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.

  • This procedure is useful if you want to back up a CA database and private key, without backing up the entire server or CA configuration on which the CA is installed.

    In general, you should use Backup to back up and restore both the CA and the server. For more information about backing up a computer running a Windows Server 2003 operating system, see Related Topics.

  • By default, members of the local Administrators group of CA computer can also back up the CA.

  • Using a command line

    1. Open Command Prompt.

    2. Type:

      certutil -backup <BackupFolder>

    Value Description


    Specifies a full backup of the CA's database.


    Specifies the path to use to store the backup data.


  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    certutil -backup -?

  • Information about functional differences

    • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

    See Also


    Role-based administration Working with MMC console files Restore a certification authority from a backup copy Using Network Monitor Backup Checklists for Backing Up and Restoring Data Certutil tasks for backing up and restoring certificates