Backup Certificate Authority PowerShell Script

Hi everyone,

As it is so important to backup your Certification Authority servers, automating this task is a bonus thing here.

As you may already know, you need to backup usually the following:

  • CA Private Key.
  • CA Database Files.
  • Configuration in the registry.
  • Perhaps the CAPolicy.inf file if any.

I was browsing the internet and i have found a brilliant PowerShell script that will do the trick in a professional way indeed.

The script is written by a PKI geek and you can download his PowerShell Script here. [ I guess it is relocated here:

http://www.sysadmins.lv/content/scripts/Backup-CertificationAuthority.ps1 ]

The script will backup all the previous files in a nice way. I have tested the integrity of the script by trying to restore a CA from the backed up files, and everything was working fine.

CA_Backup_Script

Now, you can create a scheduled task, with :

Program/script: %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe

Add Arguments(optional) : type the path of your PowerShell Script, for example C:\Backup_CA.PS1

Finally, make sure it is running as a SYSTEM security context.

Bckup_CA_Task

14 comments on “Backup Certificate Authority PowerShell Script

    • Open the script and you will customize the backup place. I am travelling now but when i have access to my laptop i can give u more info. It is a wonderful magical script indeed.

      • Unfortunately I am not yet a PowerShell Guru. Can you please help me find where to edit the save location of the backups?

  1. I got this to work but with some editing. This is a great script but it is not documented well and this post does not help either. More details are needed….

    This is what I did to get it to work for me:

    To run from command line or task scheduler, remove these lines:
    [Parameter(Mandatory = $true)]
    [IO.DirectoryInfo]$Path,

    add (after param section):
    $path = “d:” (or whatever location)

    create second script to call this script. Dot source this original script like so and call switches (to backup key and reg). To backup the key you have to provide a password – set it to something stronger.

    name: runscript.ps1
    content:

    Set-Location C:\CABackup
    . .\Backup-CertificationAuthority.ps1

    Backup-CertificationAuthority -backupkey -password password -extended -force

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s