Configure a certificate template for key archival and recovery
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To configure a certificate template for key archival and recovery
Open Certificate Templates.
In the details pane, right-click the certificate template that you want to change, and then click Properties.
On the Request Handling tab, select the Archive subject's encryption private key check box.
To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press Enter.
This procedure is applicable to version 2 templates. For more information about version 2 templates, see Related Topics.
In addition to this procedure, the certification authority must be configured to archive keys. For more information, see Related Topics.
Clients must be re-enrolled to receive a certificate that is based on the changed template if they already have a valid certificate that is based on the old template. For more information about re-enrolling clients, see Related Topics.
Establishing key options and key archival
Re-enroll all certificate holders
Key archival and recovery
Manage Key Archival and Recovery
Active Directory Certificate Services PKI - Key Archival and Management