CERTUTIL Backup/Restore
Certutil tasks for backing up and restoring certificates.
Certification authorities should be backed up regularly and restored when necessary to provide their services.
Syntax
CERTUTIL
[-backup]
[/?]
To back up Certificate Services:
CERTUTIL
-backup
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
[-p password]
backup_directory
[incremental]
[keeplog]
To back up the Certificate Services database:
CERTUTIL
-backupdb
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
backup_directory
[[incremental]
[keeplog]]
To back up the CA certificate and keys:
CERTUTIL
-backupkey
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
[-p password]
backup_directory
To restore the CA database, certificates, and keys:
CERTUTIL
-restore
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
[-p password]
backup_directory
To restore the CA database:
CERTUTIL
-restoredb
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
backup_directory
To restore the CA certificate and keys from a backup directory or a PKCS #12 (.pfx) file:
CERTUTIL
-restorekey
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
[-p password]
{backup_directory
| pfx_file}
To dump the CA database schema, for example, column names, types, and max sizes:
CERTUTIL
-schema
[-f]
[-gmt]
[-seconds]
[-v]
[-config machine\user]
[dump_type]
Parameters
- backup_directory
(NT2003)
- Specifies the backup directory.
- dump_type
(NT2003)
- Specifies one of:
- ext Displays the schema for Ext table
- attrib Displays the schema for the Attrib table
- crl Displays the schema for the certificate revocation list (CRL)
- incremental
(NT2003)
- Implements an incremental backup instead of a full
backup. If omitted, performs a full backup.
- keeplog
(NT2003)
- Preserves database log files. If omitted,
combines the database log files into a single log file
that is retained upon the successful completion.
- pfx_file
(NT2003)
- Specifies the PKCS #12 PFX file.
Switches
- /?
(NT2003)
- Display help.
- -backup
(NT2003)
- Backs up Certificate Services.
- -backupdb
(NT2003)
- Backs up the Certificate Services database.
- Can run locally or remotely. The server and the
CA must be running. Typically, administrators
perform infrequent full backups followed by frequent
incremental backups. Each backup must be made into a
separate directory tree. Starting with the most recent
full backup, all backups are required to correctly
restore the database.
- -backupkey
(NT2003)
- Backs up the Certificate Services certificate
and private key.
- -config machine\user
(NT2003)
- Processes the operation by using the CA specified
in the machine/user configuration string.
- You must specify the machine or user in -config.
Otherwise, the Select Certificate Authority dialog box
appears and displays a list of all CAs that are available.
- If you use "-config -", the operation is processed
using the default CA.
- -f
(NT2003)
- Overwrites existing files or keys.
- -gmt
(NT2003)
- Displays time as Greenwich Mean Time.
- -p password
(NT2003)
- Specifies a password.
- The maximum length allowed for a PFX file password
is 32 characters.
- -restore
(NT2003)
- Restores the CA database, certificates, and keys
from the specified
backup_directory.
- -restoredb
(NT2003)
- Restores the CA database
from the specified
backup_directory.
- The CA server must not be running. Can run locally
or remotely.
- To restore a full backup and incremental backups,
you must restore the full backup first, and then
restore all subsequent incremental backups in any
order. To overwrite the existing server database files
with the full restore, use -f. Do
not start the server until all backups are restored.
- When you start the CA server, you initiate database
recovery. If you successfully start the CA server (that
is, as recorded in the application event log), this
indicates restore and recovery were completed
successfully. If the server fails to start after you run
-restore, you receive an
error code. For more information, you can also view the
RESTOREINPROGRESS registry key.
- -restorekey
(NT2003)
- Restores Certificate Services certificate and
private key from the specified
backup_directory
or PKCS #12 pfx_file.
- -schema
(NT2003)
- Dumps the CA database schema.
- -seconds
(NT2003)
- Displays time with seconds and milliseconds.
- -v
(NT2003)
- Specifies verbose output.
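The backup and restore ordering described under -backupdb and -restoredb, as an added PowerShell example that is not part of the original page. The D:\CABackup path, the directory names and the function names are assumptions; CertSvc is the Windows service name of Certificate Services.

```powershell
# Added example. $Root and the directory names are assumptions, not from the page.
# Run elevated on the CA server; "-config -" selects the default CA.
$Root   = 'D:\CABackup'                  # hypothetical, access-controlled volume
$Common = @('-config', '-')

function Invoke-Certutil([string[]]$Arguments) {
    & certutil.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "certutil $($Arguments[0]) failed with exit code $LASTEXITCODE"
    }
}

function Backup-CaDatabase([string]$Directory, [switch]$Incremental) {
    # The CA must be running. Each backup goes into its own directory tree.
    $cmd = @('-backupdb') + $Common + $Directory
    if ($Incremental) { $cmd += 'incremental' }
    Invoke-Certutil $cmd
}

function Backup-CaKey([string]$Directory) {
    # -p is left out so that certutil prompts for the PFX password (at most
    # 32 characters) rather than taking it from the command line.
    Invoke-Certutil (@('-backupkey') + $Common + $Directory)
}

function Restore-CaDatabase([string]$FullDir, [string[]]$IncrementalDirs) {
    Stop-Service -Name CertSvc           # the CA must not be running
    # Full backup first; -f overwrites the existing database files.
    Invoke-Certutil (@('-restoredb', '-f') + $Common + $FullDir)
    foreach ($dir in $IncrementalDirs) {
        Invoke-Certutil (@('-restoredb') + $Common + $dir)
    }
    # Start the CA only after every backup is restored; this begins recovery.
    Start-Service -Name CertSvc
}

# Weekly full backup plus key backup, then daily incrementals (constructed names).
Backup-CaDatabase (Join-Path $Root 'full-week27')
Backup-CaKey      (Join-Path $Root 'key-week27')
Backup-CaDatabase (Join-Path $Root 'incr-mon') -Incremental
Backup-CaDatabase (Join-Path $Root 'incr-tue') -Incremental

# Recovery only: full backup first, then every later incremental.
# Restore-CaDatabase (Join-Path $Root 'full-week27') `
#     @((Join-Path $Root 'incr-mon'), (Join-Path $Root 'incr-tue'))
```

The key backup directory contains the CA private key as a PKCS #12 file, so store it separately from the database backups and restrict who can read it.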
Related
CERTUTIL configure
CERTUTIL decode/encode
CERTUTIL certificates
CERTUTIL CRLs
CERTUTIL manage
CERTUTIL archival/recovery
CERTUTIL troubleshooting
Notes
none.
Examples
none.
Errorlevels
none.
Availability
- External
- DOS: none
- Windows: none
- Windows NT: NT2003
Last Updated: 2003/07/28
Direct corrections or suggestions to:
Rick Lively