It will take a backup of the following:
Note: This script is written for nCipher HSMs. If you have any other HSM in your environment, such as Gemalto Luna (SafeNet Luna) or Utimaco, we will be able to help you do the migration as well as automation around your PKI.
This script creates a timestamped destination folder (named CAbackup_$date) under a single parent directory, CABackup, so that it is easy to track the backed-up data. Output directories created at different times will look like this:
C:\CAbackup\CABackup_13 May 2019-04_38_20
C:\CABackup\CABackup_13 May 2019-04_49_09
Private Key backup:
1) The script checks for the existence of the nfast service, and if the service is in the 'running' state, then it searches for the local folder.
2) Then it checks for the existence of a 'local' folder in C:\ProgramData\nCipher\Key Management Data and takes its backup at the destination (i.e. C:\CABackup), which gets automatically created when we run the script.
Database backup:
Backup-CARoleService C:\CABackup -databaseonly
This command takes only the backup of the database and not the private key, as the private key has already been retrieved from the local folder.
Configuration registry Hive:
CA Policy File: It is a best practice to copy the CAPolicy.inf file into the destination directory (C:\CABackup). This is done with the following command:
Copy-Item $Env:windir\CAPolicy.inf -Destination $Path -Force -ErrorAction SilentlyContinue
CA Certificates & Certificate Chain:
In this script, the cmd commands for retrieving and exporting the certificates are piped to cmd from PowerShell, as shown below:
"certutil -ca.cert c:\CABackup\cacert.cer" | cmd
"certutil -ca.chain C:\CABackup\cachain.p7b" | cmd
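The steps above combined into one script, as an added example that is not the original script from this page: each step stops on failure instead of continuing silently, and a SHA-256 manifest of the backed-up files is written so the set can be checked before a restore. The service-name pattern nfast*, the registry key (Microsoft's documented CertSvc configuration key; the page names this step without its command), and the file names CertSvcConfig.reg and manifest.csv are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the page's script. Items marked (assumption) are not from the page.
$ErrorActionPreference = 'Stop'

$Root    = 'C:\CABackup'
$Stamp   = Get-Date -Format 'dd MMM yyyy-HH_mm_ss'   # same layout as the folder names shown on the page
$Path    = Join-Path $Root "CABackup_$Stamp"
$KmData  = 'C:\ProgramData\nCipher\Key Management Data\local'
$Service = 'nfast*'                                   # (assumption) pattern for the nfast service name
$CertSvc = 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'  # (assumption) key to export

function Invoke-Native {
    # Run a native tool and stop the backup if it returns a non-zero exit code.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE" }
}

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# 1. Private key material: the HSM 'local' folder, only if the nfast service is running.
$svc = Get-Service -Name $Service -ErrorAction SilentlyContinue | Where-Object Status -eq 'Running'
if (-not $svc)                { throw "No running service matches '$Service'" }
if (-not (Test-Path $KmData)) { throw "Key Management Data folder not found: $KmData" }
Copy-Item -Path $KmData -Destination (Join-Path $Path 'local') -Recurse

# 2. CA database only; the key material was already copied in step 1.
Backup-CARoleService -Path $Path -DatabaseOnly

# 3. CA configuration registry hive.
Invoke-Native -Exe reg.exe -Arguments 'export', $CertSvc, (Join-Path $Path 'CertSvcConfig.reg'), '/y'

# 4. CAPolicy.inf is optional on a CA, so a missing file is a warning, not a failure.
$policy = Join-Path $env:windir 'CAPolicy.inf'
if (Test-Path $policy) { Copy-Item $policy -Destination $Path } else { Write-Warning "No CAPolicy.inf in $env:windir" }

# 5. CA certificate and chain; the switches are passed as quoted strings so each reaches certutil as one argument.
Invoke-Native -Exe certutil.exe -Arguments '-ca.cert',  (Join-Path $Path 'cacert.cer')
Invoke-Native -Exe certutil.exe -Arguments '-ca.chain', (Join-Path $Path 'cachain.p7b')

# 6. Hash everything first, then write the manifest, so the manifest is not hashed while open.
$hashes = Get-ChildItem -Path $Path -Recurse -File | Get-FileHash -Algorithm SHA256
$hashes | Select-Object Hash, Path | Export-Csv (Join-Path $Path 'manifest.csv') -NoTypeInformation
Write-Output "Backup complete: $Path ($($hashes.Count) files hashed)"
```

The manifest only detects changes made after the backup was taken, so keep a copy of it somewhere other than the backup folder.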