Before you can use encryption in DPM, you need to do the following:

When you import a certificate, you copy the certificate from a file that uses a standard certificate storage format to a certificate store for your user account or your computer account.

The following procedures describe how to manage your account in MMC and import certificates into the DPM certificate store, DPMBackupStore.

To manage your account in MMC

To import certificates into DPMBackupStore

  1. In MMC, open the Certificates snap-in.

  2. In the console tree, click DPMBackupStore.

  3. On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.

  4. Click Next.

  5. Type the name of the file that contains the certificate to be imported, or click Browse and navigate to the file.

    Certificates can be stored in several different file formats. The most secure format is Public-Key Cryptography Standard (PKCS) #12, an encryption format that requires a password to encrypt the private key. For optimum security, send certificates using this format.

    If the certificate file is in a format other than PKCS #12, skip to step 8.

    If the certificate file is in the PKCS #12 format, do the following:

    1. In the Password box, type the password used to encrypt the private key. You must have access to the password that was originally used to secure the file.

    2. (Optional) If you want to be able to use strong private key protection, select the Enable strong private key protection check box, if available.

    3. (Optional) If you want to back up or transport your keys at a later time, select the Mark key as exportable check box.

  6. Click Next.

  7. In the Certificate Store dialog box, select Place all certificates in the following store, click Browse, and select DPMBackupStore.

  8. Click Next, and then click Finish.

    Note
    The file from which you import certificates remains intact after you have imported the certificates. You can use Windows Explorer to delete the file if it is no longer needed.

To import self-signed certificates into DPMBackupStore Using Makecert.exe

  • Type the following command

    Makecert.exe -r -n "CN=MyCertificate" -ss DPMBackupStore -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -e <expiry date in mm/dd/yyformat>

See Also