    We started using ZCB quite some time ago. I did not get encryption to work then and waited for the next version. Now I have upgraded to Version 4.0 and still seem not to be able to get it all running.

    We have a Windows domain and an internal CA to create self-signed certificates. I tried computer-certificate, certificate for file encryption and user certificate. None of them worked, or at least one of the further steps failed.

    Perhaps someone could be so kind as to give a hint which steps are necessary to
    1. Create correct certificate (type, name,...)
    2. Import certificate to correct user & store
    3. Configure ZCB correctly ("name" of cert?)

    I really think this would help ZCB users a lot, as the current process and documentation seem to have a big "try on your own" factor. Also I did not find any information on how to create correct certificates via a Windows CA.



    Hey Andreas,

    1. You need to create a PFX certificate with a matching common and friendly name. You can do this using your own tools. Or using abylon SELFCERT. Or I can provide you with a procedure for how to generate it using openssl on Windows.

    2. You need to place the cert in a dir which is accessible by any user. Then log in as the amandabackup user you created during installation. Install the certificate by double clicking on it. Make sure you mark the key as exportable, and to include the extended properties. DO NOT enable strong private key protection. Do not allow it to automatically select the store where the cert will be installed. Instead you must browse for it and install it in the Trusted Root Certification Authorities store. Then go through the install process for the cert again, but this time select the Personal store.

    3. After the cert has been successfully imported into both the Personal and the Trusted Root Certification Authorities stores, log in as whatever user you want to manage backups as and run ZCB. In the encryption drop down, you should see the common name of the certificate listed. If it is not listed, you can try to enter it yourself. If you are not sure what the name of it is then you will need to log back in as the amandabackup user and then run the command: certmgr.msc from the run prompt. Then look in your Personal store and check the Friendly Name column.

    Does this answer your question?
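
The checks from the answer above, scripted as an added example (not part of the original posts and not Zmanda code): run as the amandabackup user, it reports whether a certificate in the Personal store has matching common and friendly names, carries its private key, and is also present in Trusted Root Certification Authorities. The function name `Test-BackupCertName` and the sample name `zcb-backup` are hypothetical.

```powershell
# Added example. Run in a PowerShell session of the amandabackup user:
# the answer installs the certificate into that user's stores, which are
# the same stores certmgr.msc displays.
# Test-BackupCertName is a hypothetical helper name.
function Test-BackupCertName {
    param([Parameter(Mandatory)][string]$Name)

    # Thumbprints in the current user's Trusted Root store, used to
    # confirm the first import described in step 2.
    $rootThumbs = (Get-ChildItem Cert:\CurrentUser\Root).Thumbprint

    Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
        # Simple name of the subject (the CN when the subject has one).
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $cn = $_.GetNameInfo($nameType, $false)

        # Skip certificates unrelated to the name being checked.
        if ($cn -ne $Name -and $_.FriendlyName -ne $Name) { return }

        [pscustomobject]@{
            Thumbprint    = $_.Thumbprint
            CommonName    = $cn
            FriendlyName  = $_.FriendlyName
            NamesMatch    = ($cn -eq $_.FriendlyName)     # step 1 requirement
            HasPrivateKey = $_.HasPrivateKey              # PFX imported with its key
            InTrustedRoot = ($rootThumbs -contains $_.Thumbprint)
            Expired       = ($_.NotAfter -lt (Get-Date))
        }
    }
}

# 'zcb-backup' is a constructed sample name; substitute the name shown
# in the Friendly Name column.
Test-BackupCertName -Name 'zcb-backup' | Format-List
```

A certificate issued through the usual Microsoft CA request path typically shows up here with `NamesMatch` false because its friendly name is empty, which is the mismatch reported in the follow-up post.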


    thanks for the help, I got it working now.

    I guess the problem was with "common name" and "friendly name" having to be the same value. It did not get it with usual requesting of certificates on Microsoft CA.

    This link describes how I finally got it to work (offline certificate request):


