Sign in with
Sign up | Sign in
Your question

EFS - Renew Certificates

Last response: in Windows XP
Share
Anonymous
June 20, 2005 5:59:44 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,
Im having problems with EFS not allowing me to encrypt new file or
folders because the Administrator certificate is expired. Does anyone know
how to renew this certificate? It looks to have been set in the default
domain policy (computer\windows\security settings\Public key policies\EFS)
when we went to our domain a few years ago. Im not sure if this is the
right place to post, but I've been pulling my hair out trying to figure out
how to renew this certificate. Any help would be appreciated.


Thanks

Al

More about : efs renew certificates

Anonymous
June 21, 2005 4:01:08 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

The original EFS File Recovery certificate is a self-signed certificate and
cannot be renewed. You will have to replace that certificate.
1. Back up the original File Recovery certificate w/private key to a .pfx
file. You'll need this file to recover encrypted files that may not get
updated to the new File Recovery certificate. Do the backup in
MMC\Certificates snap-in on the DC that has the original certificate. (Log on
as Administrator to see this.) Be sure the certificate you back up matches
the certificate that's in policy.
2. Run "cipher /r" to create a new File Recovery certificate (.Cer is the
public certificate and .pfx is the certificate w/the private key which should
be secured in a safe location. The .pfx is what you use to recover files.)
3. Delete the expired certificate from EFS policy.
4. Add the new certificate (.cer file) to EFS policy.
Once policy refreshes, EFS will work again.

More information is here:
http://www.microsoft.com/technet/prodtechnol/winxppro/d...

Thanks.
Pat

--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Al Ardito" wrote:

> Hello,
> Im having problems with EFS not allowing me to encrypt new file or
> folders because the Administrator certificate is expired. Does anyone know
> how to renew this certificate? It looks to have been set in the default
> domain policy (computer\windows\security settings\Public key policies\EFS)
> when we went to our domain a few years ago. Im not sure if this is the
> right place to post, but I've been pulling my hair out trying to figure out
> how to renew this certificate. Any help would be appreciated.
>
>
> Thanks
>
> Al
>
>
>
!