Restoring an Organizational CA#
If the Organizational CA object has been deleted or corrupted, or if the Organizational CA's host server has suffered an unrecoverable failure, the Organizational CA can be restored to full operation using a backup file created as described in Backing Up an Organizational CA
The ability to restore an Organizational CA is only available in Certificate Server version 2.21 or later.
NOTE: If you were unable to make a backup of the Organizational CA, the Organizational CA might still be recovered if NICI 2.x is installed on the server and a backup was made of the NICI configuration information.
With NetWare 6 or later, the NICI configuration information is backed up by default using a backup utility.
To restore the Organizational CA:#
- Log in to the eDirectory tree as an administrator with the appropriate rights.
- Start ConsoleOne.
- Delete the Organizational CA object if it exists.
- Right-click the Security container object, then click New > Object.
- From the list box in the New Object dialog box, double-click NDSPKI:Certificate Authority. This opens the Create an Organizational Certificate Authority Object dialog box and the
- In the creation dialog box, specify the server that should host the Organizational CA and the name of the Organizational CA object. The server specified must have Certificate Server
- Specify the Import option.
- Click Next.
- Click Read from File, then select the name of the backup file in the dialog box.
- Click Next.
- Enter the password used to encrypt the file when the backup was made.
- Click Finish.
The Organizational CA's private key and certificates have now been restored and the CA is fully functional. The backup file can now be stored again for future use.
IMPORTANT#The exported file should be put on a diskette or some other form of backup media and stored in a secure place. The password used to encrypt the file should be committed to memory or stored in a safe place to ensure that it is available when needed, but inaccessible to others.
If the backup file is no longer needed, the file and the media it was stored on should be destroyed.