Enable key archival

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To enable key archival

  1. Log on to the system as a Certification Authority Administrator.

  2. Open Certification Authority.

  3. In the console tree, click the name of the certification authority (CA).


    • Certification Authority (Computer)/CA name
  4. On the Action menu, click Properties.

  5. Click the Recovery Agents tab and click Archive the key.

  6. In the Number of recovery agents to use box, specify the number of recovery agents required to recover an archived key, and then add the recovery agents that you want to the Key recovery agent certificates list.


  • To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also


Certificate Services example implementation: Key archival and recovery
Key archival and recovery
Working with MMC console files
Access control overview
Identify a key recovery agent

Other Resources

Active Directory Certificate Services PKI - Key Archival and Management