1 00:00:07,220 --> 00:00:13,190 In this demonstration, you'll see how to configure SCA for a key archival. 2 00:00:14,060 --> 00:00:21,710 So first on along the Savannah in Server Manager, I'll click tools and then click Certification Authority 3 00:00:22,190 --> 00:00:24,580 in the Certification Authority Council. 4 00:00:24,990 --> 00:00:33,200 I'll expand the eight agency node on the right, click the certificates templates folder and then click 5 00:00:33,200 --> 00:00:33,800 Manage. 6 00:00:34,460 --> 00:00:41,900 Then in the details pane, I'll right click the key recovery agent certificate and then click properties. 7 00:00:42,910 --> 00:00:47,530 In the key recovery agent properties dialog dialog box. 8 00:00:47,860 --> 00:00:57,220 I'll click the issuance requirements tab and clear the certificate manager approval checkbox along. 9 00:00:57,220 --> 00:00:58,780 Click the security tap. 10 00:01:00,080 --> 00:01:07,460 In the demo, I'll notice that the main admin centre to process admins groups are the owner groups that 11 00:01:07,670 --> 00:01:09,920 have the enroll permission. 12 00:01:10,310 --> 00:01:11,690 And then click. 13 00:01:11,690 --> 00:01:19,940 Okay, I will close the certificate templates council until the Certification Authority Council. 14 00:01:19,970 --> 00:01:28,490 I will right click certificate templates and appoint to a new and then click certificate template to 15 00:01:28,490 --> 00:01:33,260 issue in the Enable Certificate Template Style Books. 16 00:01:33,620 --> 00:01:38,660 I'll click the key recovery agent template and then click okay. 17 00:01:40,020 --> 00:01:47,970 Well click start and then click the PowerShell Windows PowerShell icon and other Windows PowerShell 18 00:01:47,970 --> 00:01:58,110 coming from tile type imam Sidoti XP and Press Enter another the console one I'll click file and then 19 00:01:58,110 --> 00:02:05,160 click add to remove snipping add on to the add or remove snip in dialog box. 20 00:02:05,160 --> 00:02:13,440 I'll click certificates and then click out and in the certificate snap in dialog box I will select. 21 00:02:16,400 --> 00:02:20,360 My user account and click finish and then click. 22 00:02:20,360 --> 00:02:20,840 Okay. 23 00:02:21,740 --> 00:02:31,700 Then I'll expand cert current user node and to right click personal and point to all tasks and then 24 00:02:31,700 --> 00:02:38,330 click request new certificate in the Certificate Enrollment Resort only. 25 00:02:38,630 --> 00:02:45,260 Before you begin Page, I'll click next and on the Select Certificate Enrollment Policy Page, I'll 26 00:02:45,260 --> 00:02:54,410 click next learn on the request certificate page, I'll select the key recovery agent, check books 27 00:02:54,890 --> 00:02:58,310 and click Enroll and then click Finish. 28 00:02:59,450 --> 00:03:02,980 I'll refresh the console alone to view the key. 29 00:03:02,990 --> 00:03:05,330 Our A and the personal store. 30 00:03:06,900 --> 00:03:15,000 I can scroll across the certificate properties and verify the certificate template with the intended 31 00:03:15,000 --> 00:03:15,630 purpose. 32 00:03:15,930 --> 00:03:23,610 Key Recovery Agent is present oh well closed console one result save and change those and return to 33 00:03:23,610 --> 00:03:25,650 the certification authority. 34 00:03:25,650 --> 00:03:34,770 Counsel has the right to click a date and see how then click properties in the added and see Properties 35 00:03:34,770 --> 00:03:35,660 Dialog box. 36 00:03:35,670 --> 00:03:40,560 I'll click the Recovery Agent Step and then select archive. 37 00:03:40,650 --> 00:03:45,600 The Key and the key A Recovery Agent Certificates. 38 00:03:45,600 --> 00:03:46,980 I'll click Add. 39 00:03:47,950 --> 00:03:56,540 In the Q Recovery Agent Selection Dialog Books, I'll click more choices and click the certificate. 40 00:03:56,800 --> 00:03:59,770 The key k a purpose. 41 00:04:01,330 --> 00:04:06,700 It most likely will be the last on the list issued to administrator. 42 00:04:07,120 --> 00:04:08,110 Then I'll click. 43 00:04:08,110 --> 00:04:08,760 Okay. 44 00:04:09,040 --> 00:04:12,910 Once prompted to restart the see, I'll click. 45 00:04:12,910 --> 00:04:13,390 Yes.