This PowerShell script backs up a Certification Authority (CA). It works for both a Root CA and an Issuing CA.

It backs up the following:

  • Database
  • Private key backup
  • CA Policy File
  • Configuration Registry Hive
  • Certificates
  • Template details for Issuing CA

Pre-requisites

  • Check for PKI Health.
  • Ensure you run the script as Administrator in PowerShell.
  • Check the paths (locations) and variables declared in the Variables section of the script.
  • Check for HSM compatibility, configuration and credentials.
  • Ensure that the script CABackupHSM-nCipher.ps1 is in the C:\Scripts folder (or the directory where you keep your .ps1 script).

  • Go to the Start Menu, type cmd to find the Command Prompt, then right-click it and choose to run it as administrator.

  • Change to the directory where the script resides (here, C:\Scripts).

  • To run the PowerShell script from the command prompt, type: C:\Scripts>powershell .\CABackupHSM-nCipher.ps1

Note: For Luna, replace CABackupHSM-nCipher.ps1 with CABackupScript.ps1.

Step 1: Create a New Task in Task Scheduler

  • Open Run (or press CTRL + R) and type “taskschd.msc” and press OK.
  • Navigate to Task Scheduler Library > Events Monitor (create a new folder if not available)
  • Right-click on Events Monitor and select “Create Task…”

Step 2: Configure Task Settings

  • In the “General” tab, enter a name and description for the task.
  • Enter a name for the task (e.g., “CA Backup”).
  • Choose “Run whether the user is logged on or not”.
  • Select “Run with highest privileges”.
  • Configure for “Windows Server 2022”.
  • In the “Triggers” tab, click “New…”, choose “Begin the task:” as “On a schedule”, and under “Settings”, select “Daily”. Click on “Set settings…”
  • In the “Daily” settings window, set “Start time:” to 10:00 PM. Ensure “Recur every 1 day” is selected. You can leave the remaining options unchanged unless you have specific requirements (e.g., delaying the start time after logon). Click “OK” to close the “Daily” settings window, and then click “OK” again to create the new trigger.
  • In the “Actions” tab, click “New…”. In the “Action” field, select “Start a program”. In the “Program/script” field, enter “powershell.exe”. In the “Add arguments (optional)” field, enter -ExecutionPolicy Bypass -File C:\scripts\CABackupHSM-NCipher.ps1 (replace C:\scripts with the actual path where you saved the script). Click “OK”.
  • In the “Settings” tab, check “Allow the task to be run on demand”, “Run the task as soon as possible after a scheduled start is missed”. Select “If the running task does not end when requested, force it to stop” and “Stop the existing instance”. Click “OK”.

Certification Authority Backup Script
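
An added example, not the downloadable CABackupHSM-nCipher.ps1 this page refers to: a minimal PowerShell sketch that collects the items listed at the top of the page for a CA whose key lives in an HSM, then writes a SHA-256 manifest so a restore can verify the files. The `C:\CABackup` target, the `$HsmKeyData` variable and the output file names are assumptions; set `$HsmKeyData` to the key-data folder named in your HSM vendor's documentation.

```powershell
#Requires -RunAsAdministrator
# Added example; not the page's CABackupHSM-nCipher.ps1. Paths and names are assumptions.
$BackupRoot = 'C:\CABackup'   # assumption: backup target on an access-restricted volume
$HsmKeyData = $null           # assumption: HSM vendor's key-data folder; set before use
$ErrorActionPreference = 'Stop'

$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
$dbDir = Join-Path $dest 'Database'
New-Item -ItemType Directory -Path $dbDir -Force | Out-Null

# Database. With an HSM-protected key Windows has no key file to export,
# so only the database is requested here.
Backup-CARoleService -Path $dbDir -DatabaseOnly

# Private key material: for an HSM this is the vendor's key data, not a .p12 file.
if ($HsmKeyData -and (Test-Path $HsmKeyData)) {
    Copy-Item -Path $HsmKeyData -Destination (Join-Path $dest 'HsmKeyData') -Recurse
} else {
    Write-Warning 'HSM key-data path not set; private key material was NOT backed up.'
}

# CA policy file (present only if one was used when the CA was installed).
$policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $policy) { Copy-Item $policy $dest }

# Configuration registry hive.
$regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
& reg.exe export $regKey (Join-Path $dest 'CertSvcConfig.reg') /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed ($LASTEXITCODE)" }

# CA certificate.
& certutil.exe -ca.cert (Join-Path $dest 'CACert.cer') | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed ($LASTEXITCODE)" }

# Templates published by the CA (applies to an enterprise Issuing CA).
& certutil.exe -catemplates | Out-File (Join-Path $dest 'CATemplates.txt')
if ($LASTEXITCODE -ne 0) { Write-Warning 'No template list (expected on a standalone Root CA).' }

# Manifest is written outside $dest so that it does not hash itself.
$manifest = Join-Path $BackupRoot ((Split-Path $dest -Leaf) + '.sha256.csv')
Get-ChildItem $dest -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv $manifest -NoTypeInformation
```

Restrict access to the backup folder to the same administrators who may operate the CA, since the registry export and HSM key data are sufficient to help rebuild it elsewhere.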









